PT-2020-16065 · Pligg · Pligg

Jenaye · Published 2020-09-13 · Updated 2020-09-17 · CVE-2020-25287

CVSS v3.1: 7.2 High
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Pligg version 2.0.3

Description: The issue allows remote authenticated users (an account that can reach the admin template editor) to execute arbitrary commands on the server. The template editor in admin/admin_editor.php does not confine the file parameter to the template directory, so a path-traversal value lets the user open and edit any file the web server can write. For example, a request to admin/admin_editor.php with the parameters file=..%2Findex.php (URL-encoded ../index.php) and open=Open loads the site's index.php into the editor; saving PHP code into it executes that code, and from there arbitrary commands, on the next request to the page.

Recommendations: For Pligg version 2.0.3, validate the file parameter of the template editor on the server side: resolve the requested path and reject any result that lies outside the template directory (including traversal sequences such as ../ and their URL-encoded forms), and restrict the editor to the template file types it is meant to handle. Until a patch is available, disable or remove the template editor (admin/admin_editor.php) and limit access to the admin area to trusted accounts, since the flaw requires an authenticated user with high privileges (PR:H in the CVSS vector).
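The pattern behind the advisory and the server-side check the recommendations describe, as an added example that is not Pligg's own code: an opener that joins the request's file parameter onto the template directory without confining it, beside a hardened resolver that canonicalises the path and requires it to stay under the template directory. Function names, the directory layout and the allowed extensions are assumptions; it requires PHP 8.

```php
<?php
declare(strict_types=1);

// Added example (not Pligg's own code, PHP 8+). It contrasts the unsafe
// pattern the advisory describes with a hardened resolver. Function names
// and the directory layout are assumptions.

// Unsafe: `file=../index.php` walks out of $baseDir and opens the site's
// front controller, which an editor built on this would then write back.
function open_template_unsafe(string $baseDir, string $file): ?string
{
    $path = $baseDir . '/' . $file;
    if (!is_file($path)) {
        return null;
    }
    $contents = file_get_contents($path);
    return $contents === false ? null : $contents;
}

// Hardened: canonicalise both sides and require the resolved file to sit
// under the canonical template directory, with an allow-list of extensions.
function resolve_template_path(string $baseDir, string $file): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Reject NUL bytes and absolute paths before touching the filesystem.
    if (str_contains($file, "\0") || str_starts_with($file, '/')
        || preg_match('#^[A-Za-z]:[\\\\/]#', $file) === 1) {
        return null;
    }
    // realpath() resolves `..` and symlinks, so a link planted inside the
    // template tree that points at index.php is rejected as well.
    $real = realpath($base . '/' . $file);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare with a trailing separator so ".../templates2" is not accepted
    // as being inside ".../templates".
    if (!str_starts_with($real, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    // Only template-type files may be opened or saved (assumed list).
    $allowed = ['tpl', 'css', 'js'];
    if (!in_array(strtolower(pathinfo($real, PATHINFO_EXTENSION)), $allowed, true)) {
        return null;
    }
    return $real;
}

function open_template_safe(string $baseDir, string $file): ?string
{
    $path = resolve_template_path($baseDir, $file);
    if ($path === null) {
        return null;
    }
    $contents = file_get_contents($path);
    return $contents === false ? null : $contents;
}

function save_template_safe(string $baseDir, string $file, string $contents): bool
{
    $path = resolve_template_path($baseDir, $file);
    return $path !== null && file_put_contents($path, $contents) !== false;
}

// Constructed demo tree (not a real Pligg install):
// <tmp>/site/index.php and <tmp>/site/templates/default/header.tpl
$site = sys_get_temp_dir() . '/pligg_demo_' . getmypid();
mkdir("$site/templates/default", 0700, true);
file_put_contents("$site/index.php", "<?php echo 'front controller';\n");
file_put_contents("$site/templates/default/header.tpl", "<h1>{site_name}</h1>\n");
$templates = "$site/templates";

$traversal = '../index.php';   // the advisory's file=..%2Findex.php, URL-decoded
var_dump(open_template_unsafe($templates, $traversal) !== null);          // unsafe opener reaches index.php
var_dump(open_template_safe($templates, $traversal));                     // hardened opener refuses it
var_dump(open_template_safe($templates, 'default/header.tpl') !== null);  // legitimate template still opens
var_dump(save_template_safe($templates, $traversal, "<?php system(\$_GET['c']);"));  // write attempt refused

// Remove the demo tree.
unlink("$site/index.php");
unlink("$site/templates/default/header.tpl");
rmdir("$site/templates/default");
rmdir("$site/templates");
rmdir($site);
```

Running it, the unsafe opener returns the contents of index.php for the traversal value, while the hardened resolver returns null for the same value, refuses the write, and still opens default/header.tpl. The containment check must be done on the realpath() result rather than on the raw string: rejecting the literal substring "../" would miss URL-encoded, double-encoded and symlink variants, whereas comparing canonical paths with a trailing separator covers all of them in one place.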

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

CVE-2020-25287

Affected Products

Pligg