An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.
References
Link | Resource |
---|---|
https://github.com/ShielderSec/CVE-2020-11579 | Exploit Third Party Advisory |
https://shielder.it/ | Third Party Advisory |
https://www.phpkb.com | Product |
https://www.shielder.it/blog/mysql-and-cve-2020-11579-exploitation/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-03T17:15:08
Updated: 2022-06-13T15:20:27
Reserved: 2020-04-06T00:00:00
Link: CVE-2020-11579
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-09-03T18:15:12.707
Modified: 2023-02-03T19:01:13.253
Link: CVE-2020-11579
JSON object: View
Redhat Information
No data.
CWE