Vulnerability Description
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously constructed ZIP file with file paths including relative paths (i.e., ../../), move this file into the backup directory, and execute a restore on this file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microweber | Microweber | <= 1.1.20 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/162514/Microweber-CMS-1.1.20-Remote-Code-ExExploitThird Party AdvisoryVDB Entry
- https://github.com/microweber/microweber/commit/777ee9c3e7519eb3672c79ac41066175PatchThird Party Advisory
- https://sl1nki.page/advisories/CVE-2020-28337Third Party Advisory
- https://sl1nki.page/blog/2021/02/01/microweber-zip-slipExploitPatchThird Party Advisory
- http://packetstormsecurity.com/files/162514/Microweber-CMS-1.1.20-Remote-Code-ExExploitThird Party AdvisoryVDB Entry
- https://github.com/microweber/microweber/commit/777ee9c3e7519eb3672c79ac41066175PatchThird Party Advisory
- https://sl1nki.page/advisories/CVE-2020-28337Third Party Advisory
- https://sl1nki.page/blog/2021/02/01/microweber-zip-slipExploitPatchThird Party Advisory
FAQ
What is CVE-2020-28337?
CVE-2020-28337 is a vulnerability with a CVSS score of 7.2 (HIGH). A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnera...
How severe is CVE-2020-28337?
CVE-2020-28337 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-28337?
Check the references section above for vendor advisories and patch information. Affected products include: Microweber Microweber.