PT-2022-8621 · Unknown · Zhimengzhe Ibarn
Tazkimi · Published 2022-12-15 · Updated 2025-04-21
CVE-2020-20588
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
zhimengzhe iBarn version 1.5
Description
The issue allows remote attackers to run arbitrary code via avatar upload to "index.php". This is due to a file upload vulnerability in the upload function in action/Core.class.php.
Recommendations
For zhimengzhe iBarn version 1.5, consider disabling the upload function in action/Core.class.php to prevent exploitation until a fix is available. Restrict access to the "index.php" endpoint to minimize the risk of arbitrary code execution. Avoid using the avatar upload feature in zhimengzhe iBarn version 1.5 until the issue is resolved.
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Zhimengzhe Ibarn