Verytops Verydows Insecure Permissions Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability in Verytops Verydows version 2.0 allows remote attackers to execute arbitrary code by uploading files with certain extensions. The issue arises from improper permission settings in the application.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where Verydows is installed.

Reproduction

To reproduce this vulnerability, log into the backend of the Verytops Verydows application. Once logged in, navigate to the product image upload interface. Upload a file with a PHP file extension, which will be accepted due to the insecure permission settings. After the file is uploaded, it can be executed, leading to code execution on the server.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.