Attacker Value: Moderate (1 user assessed)
Exploitability: Very High (1 user assessed)
User Interaction: None
Privileges Required: Low
Attack Vector: Network

CVE-2020-10557

Disclosure Date: March 16, 2020

Description

An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions.

Technical Analysis

I am the author of this exploit. The web application (from 2018) does not list .php7 and .phtml as illegal file extensions. Additionally, the web app has open registration so that anyone with an email can sign up. This allows for virtually anyone to obtain remote code execution on the server by uploading a malicious web shell.

Currently on the internet there are 2 live websites running this software.

PoC is available on my GitHub: https://github.com/cinzinga/CVEs/tree/master/CVE-2020-10557

CVSS V3 Severity and Metrics
Base Score: 8.8 High
Impact Score: 5.9
Exploitability Score: 2.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

General Information

Vendors

  • atutor

Products

  • acontent
