Vulnerability Details : CVE-2020-28337
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously constructed ZIP file with file paths including relative paths (i.e., ../../), move this file into the backup directory, and execute a restore on this file.
Vulnerability category: Directory traversalExecute code
Products affected by CVE-2020-28337
- cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-28337
25.63%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-28337
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
CWE ids for CVE-2020-28337
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-28337
-
https://github.com/microweber/microweber/commit/777ee9c3e7519eb3672c79ac41066175b2001b50
update · microweber/microweber@777ee9c · GitHubPatch;Third Party Advisory
-
http://packetstormsecurity.com/files/162514/Microweber-CMS-1.1.20-Remote-Code-Execution.html
Microweber CMS 1.1.20 Remote Code Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://sl1nki.page/advisories/CVE-2020-28337
CVE-2020-28337 - Microweber v1.1.20 - Zip Slip Directory Traversal | Sl1nki’s PageThird Party Advisory
-
https://sl1nki.page/blog/2021/02/01/microweber-zip-slip
Microweber - Exploiting a Zip Slip | Sl1nki’s PageExploit;Patch;Third Party Advisory
Jump to