PT-2020-19909 · Unknown · Super File Explorer

Adesh Nandkishor Kolte

Published

2020-01-28

Updated

2020-02-04

CVE-2020-7998

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Super File Explorer app version 1.0.1

Description A file upload issue has been found, located in a developer path next to the root path, which is accessible and hidden. This path is associated with the FTP or Web UI service, for which no password is set by default.

Recommendations For Super File Explorer app version 1.0.1, consider setting a password for the FTP or Web UI service to minimize the risk of exploitation. As a temporary workaround, restrict access to the developer path to prevent unauthorized file uploads until a patch is available.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2020-7998

Affected Products

Super File Explorer

PT-2020-19909 · Unknown · Super File Explorer

CVE-2020-7998

Weakness Enumeration

Related Identifiers

Affected Products

References · 4