PT-2020-20250 · Lotus · Lotus Core Cms

Published

2020-02-05

Updated

2020-02-07

CVE-2020-8641

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Lotus Core CMS version 1.0.1

Description The issue allows authenticated Local File Inclusion of .php files via directory traversal in the page slug parameter of the index.php page.

Recommendations For Lotus Core CMS version 1.0.1, consider restricting access to the page slug parameter in the index.php page to minimize the risk of exploitation. As a temporary workaround, restrict the ability to include local .php files via directory traversal until a patch is available.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2020-8641

Affected Products

Lotus Core Cms

PT-2020-20250 · Lotus · Lotus Core Cms

CVE-2020-8641

Weakness Enumeration

Related Identifiers

Affected Products

References · 4