PT-2021-11902 · Appcms · Appcms

H9Dawn

Published

2021-06-03

Updated

2021-06-08

CVE-2020-36006

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: AppCMS version 2.0.101

Description: The issue allows attackers to delete arbitrary files on the site due to an arbitrary file deletion vulnerability in /admin/info.php.

Recommendations: For AppCMS version 2.0.101, consider restricting access to the /admin/info.php endpoint until a patch is available. As a temporary workaround, limit the ability to delete files on the site to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-36006

Affected Products

Appcms

PT-2021-11902 · Appcms · Appcms

CVE-2020-36006

Related Identifiers

Affected Products

References · 4