PT-2020-12056 · Chadha · Chadha Phpkb Standard Multi-Language

Antonio Cannito

Published

2020-03-12

Updated

2022-04-18

CVE-2020-10386

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Chadha PHPKB Standard Multi-Language version 9

Description The issue allows remote attackers to achieve code execution by uploading a .php file in the admin/js/ directory. This is made possible through the admin/imagepaster/image-upload.php file.

Recommendations For version 9, restrict access to the admin/imagepaster/image-upload.php file to prevent unauthorized uploads, and consider removing or restricting write access to the admin/js/ directory until a fix is available.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2020-10386

Affected Products

Chadha Phpkb Standard Multi-Language

PT-2020-12056 · Chadha · Chadha Phpkb Standard Multi-Language

CVE-2020-10386

Weakness Enumeration

Related Identifiers

Affected Products

References · 6