Disclosure Date 2020/10/19

CVE-2020-5640

Unauthenticated LFI to RCE in OneThird CMS

Local File Inclusion in OneThird CMS

Credit

stypr (@stereotype32)

Affected-Versions

OneThird CMS: v1.96c and earlier

CWE

  • CWE-98

Description

A local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code via an undisclosed file upload feature. The attacker can also use this vulnerability to obtain arbitrary files and sensitive information such as the database.
