CVE-2020-11579

Name of the Vulnerable Software and Affected Versions Chadha PHPKB version 9.0 Enterprise Edition

Description The issue is related to insufficient input validation in the Chadha PHPKB software. This allows a remote unauthenticated attacker to disclose local files on hosts running PHP versions prior to 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled. The vulnerable component is the installer/test-connection.php file, which is part of the installation process.

Recommendations For Chadha PHPKB version 9.0 Enterprise Edition, consider disabling the installer/test-connection.php file until a patch is available to prevent exploitation. Additionally, restrict access to the MySQL ALLOW LOCAL DATA INFILE option to minimize the risk of unauthorized data disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.