Published: 21/10/2021 Updated: 14/06/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal

Vulnerable Product	Search on Vulmon	Subscribe to Product
civetweb project civetweb
siemens sinec infrastructure network services

The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to direct ...

Critical Infrastructure Sectors: Energy

CWE-22 https://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-http-server/https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2020-27304 https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-27304

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect