PT-2020-13752 · Kordil · Kordil Edms

Published

2020-06-22

Updated

2020-06-30

CVE-2020-13887

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Kordil EDMS versions through 2.2.60rc3

Description The issue allows remote command execution due to the ability to upload .php files to the documents folder through the documents add.php file.

Recommendations For versions through 2.2.60rc3, restrict access to the documents add.php file to prevent uploading of malicious .php files until a patch is available. As a temporary workaround, consider disabling the upload functionality in the documents add.php file to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2020-13887

Affected Products

Kordil Edms

PT-2020-13752 · Kordil · Kordil Edms

CVE-2020-13887

Weakness Enumeration

Related Identifiers

Affected Products

References · 5