The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf | |
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | Patch Third Party Advisory |
https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ | Mailing List Third Party Advisory |
https://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-http-server/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: VDOO
Published: 2021-10-21T15:42:23
Updated: 2022-06-14T10:06:41
Reserved: 2020-10-19T00:00:00
Link: CVE-2020-27304
JSON object: View
NVD Information
Status : Modified
Published: 2021-10-21T16:15:07.737
Modified: 2022-06-14T11:15:09.047
Link: CVE-2020-27304
JSON object: View
Redhat Information
No data.