CVE-2020-27385

Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\..\..\..\..\<file> in the input field of the FileEditor. In FlexDotnetCMS before v1.5.8, it is also possible to access files by specifying the full path (e.g., C:\<file>). The files can then be edited via the FileEditor.

CVSS v3 8.1 HIGH
CVSS v2.0 5.5 MEDIUM

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://blog.vonahi.io/whats-in-a-re-name/	Exploit Third Party Advisory
https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.11	Release Notes Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-11-12 19:15

Updated : 2024-02-28 18:08

NVD link : CVE-2020-27385

Mitre link : CVE-2020-27385

CVE.ORG link : CVE-2020-27385

JSON object : View

Products Affected

flexdotnetcms_project

flexdotnetcms

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2020-27385", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2020-11-12T19:15:15.113", "references": [{"url": "https://blog.vonahi.io/whats-in-a-re-name/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.11", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\\..\\..\\..\\..\\<file> in the input field of the FileEditor. In FlexDotnetCMS before v1.5.8, it is also possible to access files by specifying the full path (e.g., C:\\<file>). The files can then be edited via the FileEditor."}, {"lang": "es", "value": "Un Control de Acceso Incorrecto en FileEditor (/Admin/Views/FileEditor/) en FlexDotnetCMS versiones anteriores a v1.5.11, permite a un atacante remoto autenticado leer y escribir en archivos existentes fuera de la web root. Los archivos pueden ser accedidos por medio de un salto de directorio, es decir, ingresando una ruta .. (punto punto) como ..\\..\\..\\..\\..\\(file) en el campo de entrada del FileEditor. En FlexDotnetCMS versiones anteriores a v1.5.8, tambi\u00e9n es posible acceder a los archivos especificando la ruta completa (por ejemplo, C:\\(archivo)). Luego, los archivos pueden luego ser editados por medio del FileEditor"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F0090F7-7399-49B8-9CC8-D1B29F405F62", "versionEndExcluding": "1.5.11"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}