CVE-2020-28337

Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)

Severity Score

7.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously constructed ZIP file with file paths including relative paths (i.e., ../../), move this file into the backup directory, and execute a restore on this file.

Un problema de salto de directorio en el módulo Utils/Unzip en Microweber versiones hasta 1.1.20, permite a un atacante autenticado conseguir una ejecución de código remota por medio de la funcionalidad backup restore. Para explotar la vulnerabilidad, un atacante debe tener las credenciales de un usuario administrativo, cargar un archivo ZIP construido maliciosamente con rutas de archivo que incluyan rutas relativas (es decir, ../../), mover este archivo al directorio de copia de seguridad y ejecutar una restaurar en este archivo

Microweber CMS versions 1.1.20 and below suffer from a remote code execution vulnerability.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-11-06 CVE Reserved
2021-02-15 CVE Published
2021-05-10 First Exploit
2024-08-04 CVE Updated
2024-11-02 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (5)

URL	Tag	Source
https://sl1nki.page/advisories/CVE-2020-28337	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/49856	2021-05-10
http://packetstormsecurity.com/files/162514/Microweber-CMS-1.1.20-Remote-Code-Execution.html	2024-08-04
https://sl1nki.page/blog/2021/02/01/microweber-zip-slip	2024-08-04

URL	Date	SRC
https://github.com/microweber/microweber/commit/777ee9c3e7519eb3672c79ac41066175b2001b50	2022-01-01

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microweber Search vendor "Microweber"		Microweber Search vendor "Microweber" for product "Microweber"				<= 1.1.20 Search vendor "Microweber" for product "Microweber" and version " <= 1.1.20"		-		Affected