Vulnerability Details : CVE-2020-10567
Public exploit exists!
An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.)
Vulnerability category: Input validation
Products affected by CVE-2020-10567
- cpe:2.3:a:tecrail:responsive_filemanager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-10567
0.48%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-10567
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2020-10567
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-10567
-
http://packetstormsecurity.com/files/171280/ZwiiCMS-12.2.04-Remote-Code-Execution.html
ZwiiCMS 12.2.04 Remote Code Execution ≈ Packet Storm
-
https://github.com/trippo/ResponsiveFilemanager/issues/600
remote code execution vulnerability in ajax_calls.php in save_img action because of no validation on extension name. · Issue #600 · trippo/ResponsiveFilemanager · GitHubExploit;Third Party Advisory
Jump to