CVE-2020-36006 : AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulnerability w

AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site.

Published 2021-06-03 23:15:09

Updated 2021-06-08 17:34:18

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-36006

Appcms » Appcms » Version: 2.0.101
cpe:2.3:a:appcms:appcms:2.0.101:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.34%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 54 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:P	8.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H	1.2	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: High

https://github.com/source-trace/appcms/issues/4

I found out in /admin/info.php After logging in, allow me to delete any file(Login required) · Issue #4 · source-trace/appcms · GitHub
Exploit;Third Party Advisory

Jump to