A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously constructed ZIP file with file paths including relative paths (i.e., ../../), move this file into the backup directory, and execute a restore on this file.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/162514/Microweber-CMS-1.1.20-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://github.com/microweber/microweber/commit/777ee9c3e7519eb3672c79ac41066175b2001b50 | Patch Third Party Advisory |
https://sl1nki.page/advisories/CVE-2020-28337 | Third Party Advisory |
https://sl1nki.page/blog/2021/02/01/microweber-zip-slip | Exploit Patch Third Party Advisory |
Configurations
History
No history.
Information
Published : 2021-02-15 20:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-28337
Mitre link : CVE-2020-28337
CVE.ORG link : CVE-2020-28337
JSON object : View
Products Affected
microweber
- microweber
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')