PT-2020-12127 · Chadha · Chadha Phpkb Standard Multi-Language

Published 2020-03-12 · Updated 2022-10-06 · CVE-2020-10457

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9

Description: The issue allows attackers to rename any file on the web server by exploiting a path traversal vulnerability. This is achieved by using a dot-dot-slash sequence (../) via the imgName and imgUrl parameters in the POST request. The imgName parameter is used for the new name, and the imgUrl parameter is used for the current file to be renamed.

Recommendations: For Chadha PHPKB Standard Multi-Language version 9, consider validating and sanitizing the imgName and imgUrl parameters to prevent path traversal attacks. As a temporary workaround, restrict access to the admin/imagepaster/image-renaming.php script to minimize the risk of exploitation.
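
One way to apply the validation recommended above, shown as an added example that is not PHPKB's code or the vendor's fix. The function name, the single flat image directory and the extension allowlist are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not PHPKB code. Assumes images live in one flat directory
// and that only the extensions listed below are legitimate (both assumptions).
function safe_rename_image(string $baseDir, string $imgUrl, string $imgName): string
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('image directory missing');
    }
    // New name: bare file name only. No separators, no dots except the extension.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.(png|jpe?g|gif)\z/i', $imgName)) {
        throw new InvalidArgumentException('invalid imgName');
    }
    // Current file: keep only the last path component of the client value,
    // resolve it (symlinks included) and require it to sit directly in $base.
    $path = parse_url($imgUrl, PHP_URL_PATH);
    if (!is_string($path)) {
        throw new InvalidArgumentException('invalid imgUrl');
    }
    $src = realpath($base . DIRECTORY_SEPARATOR . basename($path));
    if ($src === false || !is_file($src) || dirname($src) !== $base) {
        throw new InvalidArgumentException('invalid imgUrl');
    }
    $dst = $base . DIRECTORY_SEPARATOR . $imgName;
    if (file_exists($dst)) {
        throw new RuntimeException('target name already in use');
    }
    if (!rename($src, $dst)) {
        throw new RuntimeException('rename failed');
    }
    return $dst;
}

// Constructed demo: a temp directory stands in for the image folder.
$dir = sys_get_temp_dir() . '/imgdemo_' . bin2hex(random_bytes(4));
mkdir($dir);
touch("$dir/a.png");
echo basename(safe_rename_image($dir, 'a.png', 'b.png')), PHP_EOL;
foreach ([['b.png', '../../x.php'], ['../../etc/passwd', 'c.png']] as [$url, $name]) {
    try {
        safe_rename_image($dir, $url, $name);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Rejections raised as `InvalidArgumentException` are worth logging with the authenticated account, since a legitimate client has no reason to send a path in either parameter.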

Exploit · Fix · Path traversal

Weakness Enumeration

Related Identifiers: CVE-2020-10457

Affected Products: Chadha Phpkb Standard Multi-Language