CVE-2020-10387

Опубликовано: 12 мар. 2020

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Средний

Описание

Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file.

Ссылки

http://antoniocannito.it/?p=137#afd
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/156754/PHPKB-Multi-Language-9-Authenticated-Directory-Traversal.html
Third Party Advisory
VDB Entry
https://antoniocannito.it/phpkb1#authenticated-arbitrary-file-download-cve-2020-10387
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/48220
Third Party Advisory
VDB Entry
http://antoniocannito.it/?p=137#afd
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/156754/PHPKB-Multi-Language-9-Authenticated-Directory-Traversal.html
Third Party Advisory
VDB Entry
https://antoniocannito.it/phpkb1#authenticated-arbitrary-file-download-cve-2020-10387
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/48220
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:chadhaajay:phpkb:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.12786

Средний

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-86g4-3q94-q63v