{ "id": "CVE-2020-27385", "sourceIdentifier": "cve@mitre.org", "published": "2020-11-12T19:15:15.113", "lastModified": "2021-07-21T11:39:23.747", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\\..\\..\\..\\..\\ in the input field of the FileEditor. In FlexDotnetCMS before v1.5.8, it is also possible to access files by specifying the full path (e.g., C:\\). The files can then be edited via the FileEditor." }, { "lang": "es", "value": "Un Control de Acceso Incorrecto en FileEditor (/Admin/Views/FileEditor/) en FlexDotnetCMS versiones anteriores a v1.5.11, permite a un atacante remoto autenticado leer y escribir en archivos existentes fuera de la web root. Los archivos pueden ser accedidos por medio de un salto de directorio, es decir, ingresando una ruta .. (punto punto) como ..\\..\\..\\..\\..\\(file) en el campo de entrada del FileEditor. En FlexDotnetCMS versiones anteriores a v1.5.8, tambi\u00e9n es posible acceder a los archivos especificando la ruta completa (por ejemplo, C:\\(archivo)). Luego, los archivos pueden luego ser editados por medio del FileEditor" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.2 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.5 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-22" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.5.11", "matchCriteriaId": "8F0090F7-7399-49B8-9CC8-D1B29F405F62" } ] } ] } ], "references": [ { "url": "https://blog.vonahi.io/whats-in-a-re-name/", "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.11", "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ] } ] }