.. / CVE-2020-23972

Exploit for Joomla! Component GMapFP 3.5 - Arbitrary File Upload (CVE-2020-23972)

Description:

Joomla! Component GMapFP 3.5 is vulnerable to arbitrary file upload vulnerabilities. An attacker can access the upload function of the application without authentication and can upload files because of unrestricted file upload which can be bypassed by changing Content-Type & name file too double ext.

Nuclei Template

View the template here CVE-2020-23972.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-23972.yaml

References:

http://packetstormsecurity.com/files/159072/Joomla-GMapFP-J3.5-J3.5F-Arbitrary-File-Upload.html
https://www.exploit-db.com/exploits/49129
https://github.com/ARPSyndicate/cvemon
https://nvd.nist.gov/vuln/detail/CVE-2020-23972
https://raw.githubusercontent.com/me4yoursecurity/Reports/master/README.md

.. / CVE-2020-23972 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Joomla! Component GMapFP 3.5 - Arbitrary File Upload (CVE-2020-23972)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-23972