PT-2020-12057 · Chadha · Phpkb Standard Multi-Language
Antonio Cannito · Published 2020-03-12 · Updated 2022-08-19 · CVE-2020-10387

| CVSS v3.1 | 4.9 (Medium) |
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Chadha PHPKB Standard Multi-Language version 9
Description
The issue allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the file parameter in the "admin/download.php" endpoint.

Recommendations
For version 9, restrict access to the "admin/download.php" endpoint to minimize the risk of exploitation. Avoid using the file parameter in this endpoint until the issue is resolved.
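Until the endpoint is restricted, the same request pattern can be watched for in web server logs. The following is an added example, not part of this advisory or the PHPKB product: a small Python detector that flags requests to admin/download.php whose file parameter carries a dot-dot-slash sequence, including URL-encoded and double-encoded forms. The log lines, addresses and file names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format); addresses and requests are invented.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2020:10:01:02 +0000] "GET /admin/download.php?file=manual.pdf HTTP/1.1" 200 5120
203.0.113.11 - - [12/Mar/2020:10:01:05 +0000] "GET /admin/download.php?file=../../../../etc/passwd HTTP/1.1" 200 1843
203.0.113.12 - - [12/Mar/2020:10:01:09 +0000] "GET /admin/download.php?file=..%252f..%252fconfig.php HTTP/1.1" 200 2211
203.0.113.13 - - [12/Mar/2020:10:01:12 +0000] "GET /index.php?file=../x HTTP/1.1" 200 900
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')
# A '..' path segment delimited by '/', '\' or the string boundary ("2020..pdf" does not match).
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.($|[\\/])')

def fully_decode(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly so double-encoded sequences (%252e%252e%252f) normalise to '../'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value: str) -> bool:
    """True if the decoded parameter value contains a '..' path segment."""
    return bool(TRAVERSAL_RE.search(fully_decode(value)))

def find_traversal_attempts(log_text, endpoint="/admin/download.php", param="file"):
    """Return (ip, timestamp, status, decoded file value) for each request to the
    endpoint whose file parameter contains a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not fully_decode(url.path).endswith(endpoint):
            continue
        # parse_qs decodes one layer; fully_decode handles any further encoding.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if is_traversal(value):
                hits.append((m["ip"], m["ts"], int(m["status"]), fully_decode(value)))
    return hits

if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print("traversal attempt against admin/download.php:", hit)
```

A 200 status on a flagged request is the signal that matters most, since it indicates the server served the requested file rather than rejecting the path.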
Weakness Enumeration
Path traversal
Related Identifiers
CVE-2020-10387
Affected Products
Phpkb Standard Multi-Language