CVE-2020-36973

Name of the Vulnerable Software and Affected Versions PDW File Browser version 1.3

Description An issue allows authenticated users to perform remote code execution by uploading and renaming webshell files to arbitrary locations on the web server. This is achieved by uploading a .txt webshell, renaming it to .php, and moving it to accessible directories using double-encoded path traversal, which is a technique used to bypass security filters by encoding path characters multiple times to access restricted directories.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.