{"api_version":"1","generated_at":"2026-04-26T09:08:49+00:00","cve":"CVE-2020-10224","urls":{"html":"https://cve.report/CVE-2020-10224","api":"https://cve.report/api/cve/CVE-2020-10224.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-10224","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-10224"},"summary":{"title":"CVE-2020-10224","description":"An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-03-08 23:15:00","updated_at":"2023-11-13 14:48:00"},"problem_types":["CWE-434"],"metrics":[],"references":[{"url":"https://tib3rius.com/cves.html","name":"https://tib3rius.com/cves.html","refsource":"MISC","tags":["Third Party Advisory"],"title":"CVEs | Tib3rius","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.exploit-db.com/exploits/47887","name":"https://www.exploit-db.com/exploits/47887","refsource":"MISC","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"Online Book Store 1.0 - Unauthenticated Remote Code Execution - PHP webapps Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-10224","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10224","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"10224","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"phpgurukul","cpe5":"online_book_store","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"10224","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"phpgurukul","cpe5":"phpgurukul_online_book_store","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"10224","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"phpgurukul","cpe5":"phpgurukul_online_book_store","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-10224","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://www.exploit-db.com/exploits/47887","refsource":"MISC","name":"https://www.exploit-db.com/exploits/47887"},{"url":"https://tib3rius.com/cves.html","refsource":"MISC","name":"https://tib3rius.com/cves.html"}]}},"nvd":{"publishedDate":"2020-03-08 23:15:00","lastModifiedDate":"2023-11-13 14:48:00","problem_types":["CWE-434"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:phpgurukul:online_book_store:1.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"10224","Ordinal":"170634","Title":"CVE-2020-10224","CVE":"CVE-2020-10224","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"10224","Ordinal":"1","NoteData":"An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"10224","Ordinal":"2","NoteData":"2020-03-08","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"10224","Ordinal":"3","NoteData":"2020-03-08","Type":"Other","Title":"Modified"}]}}}