SB2020012810 - Arbitrary file upload in Super File Explorer app for iOS
Published: January 28, 2020
Security Bulletin ID
SB2020012810
Severity
High
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Arbitrary file upload (CVE-ID: CVE-2020-7998)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file extension when uploading files in the developer path that is accessible and hidden next to the root path. A remote attacker can upload and execute arbitrary file on the system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.