Main Vulnerability Database SB2020052908

SB2020052908 - Arbitrary file upload in Microweber

Published: May 29, 2020

Security Bulletin ID SB2020052908

Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Arbitrary file upload (CVE-ID: CVE-2020-13241)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload within the "admin/view:modules/load_module:users#edit-user=1". A remote attacker can upload a malicious file and execute it on the server.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://gist.github.com/virendratiwari03/0af29841fdf27207eb3abc8f28d326f3