exploitDog

CVE-2020-25881

Опубликовано: 29 окт. 2021

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete&sub=&filename=../../../../111.txt&filetype=image/jpeg of the master version of RKCMS. This vulnerability allows for an attacker to perform a directory traversal via a crafted .txt file.

Ссылки

http://www.ranko.cn/index.html
Vendor Advisory
https://gitee.com/wuxi_ranko/cms
Broken Link
https://github.com/AubreyJun/cms/issues/2
Exploit
Third Party Advisory
http://www.ranko.cn/index.html
Vendor Advisory
https://gitee.com/wuxi_ranko/cms
Broken Link
https://github.com/AubreyJun/cms/issues/2
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ranko:rkcms:-:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01459

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-9rwq-2qv8-4jpv

github

больше 3 лет назад

A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete&sub=&filename=../../../../111.txt&filetype=image/jpeg of the master version of RKCMS. This vulnerability allows for an attacker to perform a directory traversal via a crafted .txt file.

EPSS

Процентиль: 80%

0.01459

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-22