PT-2021-10615 · Popojicms · Popojicms
Jinnywco · Published 2021-08-06 · Updated 2021-08-13
CVE-2020-21356
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
PopojiCMS version 1.2
Description:
An information disclosure issue in the upload.php file of PopojiCMS leads to disclosure of the host's physical path. This occurs when the name variable, which equals "file", is deleted during file uploads through the upload.php endpoint.
Recommendations:
For PopojiCMS version 1.2, as a temporary workaround, consider restricting access to the upload.php file until a patch is available. Avoid using the name variable with the value "file" in the upload process to minimize the risk of exploitation.
Exploit
Fix
Exposure of Resource to Wrong Sphere
Weakness Enumeration
Related Identifiers
Affected Products
Popojicms