PT-2021-10553 · Metinfo · Metinfo
Cby234 · Published 2021-05-24 · Updated 2022-10-05 · CVE-2020-20907
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
MetInfo version 7.0 beta
Description:
The issue allows attackers to delete and modify ini files in specific locations, including app/system/language/admin/language general.class.php and app/system/include/function/file.func.php.
Recommendations:
For MetInfo version 7.0 beta, consider restricting access to the vulnerable files until a patch is available. As a temporary workaround, restrict modifications to ini files in the affected locations to minimize the risk of exploitation.
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Metinfo