CVE-2020-28337 Information
Description
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously constructed ZIP file whose entry names contain relative path components (e.g. ../../), move this file into the backup directory, and execute a restore on this file. Because the extractor joins the entry name onto the backup directory without checking that the resulting path stays inside it, the restore writes attacker-controlled files (for example a PHP file) to arbitrary locations under the web root.
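The class of bug described above (commonly called Zip Slip) comes down to one missing check at extraction time. The following Python example is added here to illustrate it; it is not Microweber's own code (which is PHP) and does not reproduce the project's Unzip module. It constructs an in-memory archive containing an entry named "../../shell.php", shows the target paths a naive join-and-write extractor would produce, and then runs an extractor that resolves every entry name against the destination before writing anything. The archive contents, file names and the `run_demo` helper are constructed for the example.

```python
"""Zip Slip demonstration (added example, not Microweber project code):
build an archive with a '../' entry, show where a naive extractor would
write, and show an extractor that rejects it before touching the disk."""
import io
import os
import tempfile
import zipfile
from pathlib import Path


def build_archive(include_traversal: bool) -> bytes:
    """Return a ZIP built in memory (constructed sample, not a real backup).

    With include_traversal=True the second entry's name climbs out of the
    extraction directory, which is the shape of archive the CVE describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("backup/db.sql", "-- harmless entry\n")
        if include_traversal:
            # Entry name with relative components, as in the advisory ("../../")
            zf.writestr("../../shell.php", "<?php echo 'owned'; ?>\n")
    return buf.getvalue()


def naive_targets(archive: bytes, dest: str) -> list:
    """Paths a vulnerable extractor would write to: dest joined with the raw
    entry name and nothing else. Only computes the paths; writes no files."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return [os.path.normpath(os.path.join(dest, n)) for n in zf.namelist()]


def safe_extract(archive: bytes, dest: str) -> list:
    """Extract into dest, refusing any entry whose resolved path leaves dest.

    Every name is validated before anything is written, so a rejected archive
    leaves dest untouched. Returns the file entries written, relative to dest."""
    base = Path(dest).resolve()
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        planned = []
        for info in zf.infolist():
            name = info.filename
            # Absolute names, leading separators and drive prefixes are rejected outright
            if os.path.isabs(name) or name.startswith(("/", "\\")) or ":" in name[:2]:
                raise ValueError(f"absolute entry name rejected: {name!r}")
            target = (base / name).resolve()
            # resolve() collapses '..', so the containment check is the real test
            if target != base and base not in target.parents:
                raise ValueError(f"zip slip entry rejected: {name!r}")
            planned.append((info, target))
        written = []
        for info, target in planned:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target.relative_to(base).as_posix())
    return written


def run_demo() -> dict:
    """Run both extractors against a malicious and a clean archive in a temp dir."""
    result = {}
    malicious = build_archive(include_traversal=True)
    clean = build_archive(include_traversal=False)
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "backup_dir")
        os.mkdir(dest)
        naive = naive_targets(malicious, dest)
        # Any target that does not sit under dest/ is a write outside the backup directory
        result["naive_escapes"] = [t for t in naive if not t.startswith(dest + os.sep)]
        try:
            safe_extract(malicious, dest)
            result["malicious_rejected"] = False
        except ValueError:
            result["malicious_rejected"] = True
        result["files_after_reject"] = os.listdir(dest)
        result["clean_written"] = safe_extract(clean, dest)
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Two design points carry over to any language: validate the whole archive before writing the first byte (otherwise a partially applied restore still leaves attacker files behind), and do the containment check on the canonicalised path rather than on the raw name, since a string search for "../" misses encodings and absolute paths. Python's own `ZipFile.extractall` already strips traversal components, which is why the naive case above only computes paths instead of calling it.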
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Reference
https://sl1nki.page/advisories/CVE-2020-28337
https://sl1nki.page/blog/2021/02/01/microweber-zip-slip
https://github.com/microweber/microweber/commit/777ee9c3e7519eb3672c79ac41066175b2001b50
http://packetstormsecurity.com/files/162514/Microweber-CMS-1.1.20-Remote-Code-Execution.html
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.2
Base Severity
HIGH