PT-2024-10836 · Unknown · Cyberaz0R Webrat

Cyberaz0R · Published 2024-03-24 · Updated 2024-08-04 · CVE-2020-36825

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: cyberaz0r WebRAT up to 20191222

Description: A critical issue affects the download file function in Server/api.php. Manipulating the name argument leads to unrestricted upload. The attack can be initiated remotely. The real existence of this issue is still doubted at the moment.

Recommendations: Apply the patch identified as 0c394a795b9c10c07085361e6fcea286ee793701 to fix this issue. As a temporary workaround, consider restricting access to the download file function in Server/api.php until the patch is applied. Avoid using the name argument in the affected API endpoint until the issue is resolved.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2020-36825

Affected Products: Cyberaz0R Webrat