Vulnerability Details CVE-2020-13227
An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.1%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- https://github.com/wrongsid3
- https://github.com/wrongsid3/Sysax-MultiServer-6.90-Multiple-Vulnerabilities/blob/master/README.md
- https://pasteboard.co/J9eF12G.png
- https://github.com/wrongsid3
- https://github.com/wrongsid3/Sysax-MultiServer-6.90-Multiple-Vulnerabilities/blob/master/README.md
- https://pasteboard.co/J9eF12G.png
Products affected by CVE-2020-13227
-
cpe:2.3:a:sysax:multi_server:6.90