CVE Vulnerability

CVE-2020-27386

An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /.

6.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://blog.vonahi.io/whats-in-a-re-name/ Exploit Third Party Advisory
https://github.com/rapid7/metasploit-framework/pull/14339 Exploit Patch
https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.9 Release Notes Third Party Advisory
http://packetstormsecurity.com/files/160411/FlexDotnetCMS-1.5.8-Arbitrary-ASP-File-Upload.html Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:*:*:*:*:*:*:*:*
Information

Published : 2020-11-12 07:15

Updated : 2022-12-06 09:18

NVD link : CVE-2020-27386

Mitre link : CVE-2020-27386

Products Affected
No products.
CWE
CWE-434