How severe is CVE-2020-8866?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2020-8866?

This is classified as CWE-434, which is a common weakness in software security.

CVE-2020-8866 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125.

Related Vulnerabilities

CVE-2016-8973

MEDIUM

CVSS:4.3(Medium)

IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960.

CWE-4342016

CVE-2018-0571

MEDIUM

CVSS:4.3(Medium)

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files.

CWE-4342018

CVE-2018-0587

MEDIUM

CVSS:4.3(Medium)

Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.

CWE-4342018

CVE-2019-19084

MEDIUM

CVSS:4.3(Medium)

In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underly...

CWE-4342019

CVE-2019-4056

MEDIUM

CVSS:4.3(Medium)

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.

CWE-4342019

CVE-2020-29447

MEDIUM

CVSS:4.3(Medium)

Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. ...

CWE-4342020