CVE-2020-13443

Name of the Vulnerable Software and Affected Versions ExpressionEngine versions prior to 5.3.2

Description The issue allows remote attackers to upload and execute arbitrary code in a .php file. This can be achieved via Compose Msg, Add attachment, and Save As Draft actions, exploiting the ability to bypass MIME type and file-extension checks during file uploads. Attackers with low privileges, such as members, can upload malicious files. The vulnerability enables direct access to uploaded files, bypassing short aliases. Exploitation requires the ability to send and compose messages, at least.

Recommendations For versions prior to 5.3.2, update to version 5.3.2 or later to resolve the issue. As a temporary workaround, consider disabling the file upload feature for members or restricting access to the Compose Msg, Add attachment, and Save As Draft actions until the update is applied. Additionally, restrict registration and forum access to prevent the creation of new members with the default group id of 5.