Vulnerability Details CVE-2020-27386
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.847
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2020-27386
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.1.0
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.2.0
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.3.0
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.3.1
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.4.0
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.4.1
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.5.0
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.5.1
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.5.2
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.5.3
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.6.0
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.7.0
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.0
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.1
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.2
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.3
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.4
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.5
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.6
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.7
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.8
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.8.9
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.0
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.1
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.2
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.3
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.4
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.5
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.6
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.7
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.8
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:0.9.9
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.0.0
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.0.1
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.1.0
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.2.0
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.3.0
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.3.1
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.3.2
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.3.3
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.4.0
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.4.1
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.0
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.1
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.2
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.3
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.4
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.5
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.6
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.7
- cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:1.5.8