PT-2026-5465 · Koken Cms · Koken Cms

V1N1V131R4 · Published 2026-01-30 · Updated 2026-01-30 · CVE-2020-37023

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Koken CMS version 0.22.24

Description: Koken CMS contains a file upload issue that lets authenticated attackers circumvent file extension restrictions by renaming malicious PHP files. By altering the file upload request in a web proxy and modifying the file extension, an attacker can upload PHP files capable of executing system commands.

Recommendations: Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2020-37023

Affected Products: Koken Cms