CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27385

Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\..\..\..\..\<file> in the input field of the FileEditor. In FlexDotnetCMS before v1.5.8, it is also possible to access files by specifying the full path (e.g., C:\<file>). The files can then be edited via the FileEditor.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 62.1%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 5.5

References

Products affected by CVE-2020-27385

Flexdotnetcms Project » Flexdotnetcms » Version: 0.1.0

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.1.0
Flexdotnetcms Project » Flexdotnetcms » Version: 0.2.0

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.2.0
Flexdotnetcms Project » Flexdotnetcms » Version: 0.3.0

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.3.0
Flexdotnetcms Project » Flexdotnetcms » Version: 0.3.1

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.3.1
Flexdotnetcms Project » Flexdotnetcms » Version: 0.4.0

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.4.0
Flexdotnetcms Project » Flexdotnetcms » Version: 0.4.1

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.4.1
Flexdotnetcms Project » Flexdotnetcms » Version: 0.5.0

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.5.0
Flexdotnetcms Project » Flexdotnetcms » Version: 0.5.1

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.5.1
Flexdotnetcms Project » Flexdotnetcms » Version: 0.5.2

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.5.2
Flexdotnetcms Project » Flexdotnetcms » Version: 0.5.3

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.5.3
Flexdotnetcms Project » Flexdotnetcms » Version: 0.6.0

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.6.0
Flexdotnetcms Project » Flexdotnetcms » Version: 0.7.0

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.7.0
Flexdotnetcms Project » Flexdotnetcms » Version: 0.8.0

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.0
Flexdotnetcms Project » Flexdotnetcms » Version: 0.8.1

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.1
Flexdotnetcms Project » Flexdotnetcms » Version: 0.8.2

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.2
Flexdotnetcms Project » Flexdotnetcms » Version: 0.8.3

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.3
Flexdotnetcms Project » Flexdotnetcms » Version: 0.8.4

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.4
Flexdotnetcms Project » Flexdotnetcms » Version: 0.8.5

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.5
Flexdotnetcms Project » Flexdotnetcms » Version: 0.8.6

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.6
Flexdotnetcms Project » Flexdotnetcms » Version: 0.8.7

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.7
Flexdotnetcms Project » Flexdotnetcms » Version: 0.8.8

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.8
Flexdotnetcms Project » Flexdotnetcms » Version: 0.8.9

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.9
Flexdotnetcms Project » Flexdotnetcms » Version: 0.9.0

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.0
Flexdotnetcms Project » Flexdotnetcms » Version: 0.9.1

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.1
Flexdotnetcms Project » Flexdotnetcms » Version: 0.9.2

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.2
Flexdotnetcms Project » Flexdotnetcms » Version: 0.9.3

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.3
Flexdotnetcms Project » Flexdotnetcms » Version: 0.9.4

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.4
Flexdotnetcms Project » Flexdotnetcms » Version: 0.9.5

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.5
Flexdotnetcms Project » Flexdotnetcms » Version: 0.9.6

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.6
Flexdotnetcms Project » Flexdotnetcms » Version: 0.9.7

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.7
Flexdotnetcms Project » Flexdotnetcms » Version: 0.9.8

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.8
Flexdotnetcms Project » Flexdotnetcms » Version: 0.9.9

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.9
Flexdotnetcms Project » Flexdotnetcms » Version: 1.0.0

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.0.0
Flexdotnetcms Project » Flexdotnetcms » Version: 1.0.1

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.0.1
Flexdotnetcms Project » Flexdotnetcms » Version: 1.1.0

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.1.0
Flexdotnetcms Project » Flexdotnetcms » Version: 1.2.0

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.2.0
Flexdotnetcms Project » Flexdotnetcms » Version: 1.3.0

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.3.0
Flexdotnetcms Project » Flexdotnetcms » Version: 1.3.1

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.3.1
Flexdotnetcms Project » Flexdotnetcms » Version: 1.3.2

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.3.2
Flexdotnetcms Project » Flexdotnetcms » Version: 1.3.3

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.3.3
Flexdotnetcms Project » Flexdotnetcms » Version: 1.4.0

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.4.0
Flexdotnetcms Project » Flexdotnetcms » Version: 1.4.1

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.4.1
Flexdotnetcms Project » Flexdotnetcms » Version: 1.5.0

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.0
Flexdotnetcms Project » Flexdotnetcms » Version: 1.5.1

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.1
Flexdotnetcms Project » Flexdotnetcms » Version: 1.5.10

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.10
Flexdotnetcms Project » Flexdotnetcms » Version: 1.5.2

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.2
Flexdotnetcms Project » Flexdotnetcms » Version: 1.5.3

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.3
Flexdotnetcms Project » Flexdotnetcms » Version: 1.5.4

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.4
Flexdotnetcms Project » Flexdotnetcms » Version: 1.5.5

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.5
Flexdotnetcms Project » Flexdotnetcms » Version: 1.5.6

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.6
Flexdotnetcms Project » Flexdotnetcms » Version: 1.5.7

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.7
Flexdotnetcms Project » Flexdotnetcms » Version: 1.5.8

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.8
Flexdotnetcms Project » Flexdotnetcms » Version: 1.5.9

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27385

Products

Pricing

Contact Us