CVE-2020-15026: Path Traversal
First published: Wed Jun 24 2020(Updated: )
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bludit | =3.12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-15026?
CVE-2020-15026 is a vulnerability that allows admins of Bludit 3.12.0 to perform directory traversal and download arbitrary files via the /plugin-backup-download?file=../ endpoint.
What is the severity of CVE-2020-15026?
The severity of CVE-2020-15026 is medium with a CVSS score of 4.9.
How does CVE-2020-15026 affect Bludit?
CVE-2020-15026 affects Bludit 3.12.0 by enabling admins to perform directory traversal and download arbitrary files.
How can a hacker exploit CVE-2020-15026?
A hacker can exploit CVE-2020-15026 by manipulating the /plugin-backup-download?file=../ parameter to download sensitive files from the server.
Is there a fix available for CVE-2020-15026?
Yes, the fix for CVE-2020-15026 is to upgrade to a version of Bludit that is not affected by the vulnerability.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/bludit
- canonical/bludit
- version/bludit/3.12.0