CVE-2020-13442

Name of the Vulnerable Software and Affected Versions DEXT5 versions through 2.7.1402870

Description A remote code execution issue exists due to a vulnerability in DEXT5Upload. This allows an attacker to upload a PHP file via the "dext5handler.jsp" handler, as the uploaded file is stored under "dext5uploadeddata/".

Recommendations For versions through 2.7.1402870, consider restricting access to the "dext5handler.jsp" handler to prevent unauthorized file uploads until a patch is available. As a temporary workaround, restrict the execution of PHP files in the "dext5uploadeddata/" directory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.