CVE-2020-19305: Path Traversal
First published: Tue Aug 03 2021(Updated: )
An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Metinfo Metinfo | =7.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-19305?
CVE-2020-19305 is an issue in Metinfo v7.0.0 that causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges.
How severe is CVE-2020-19305?
CVE-2020-19305 has a severity rating of 9.8 (Critical).
What software versions are affected by CVE-2020-19305?
Metinfo v7.0.0 is affected by CVE-2020-19305.
How can attackers exploit CVE-2020-19305?
Attackers can exploit CVE-2020-19305 by deleting a column, which will also delete the indeximg parameter and allow them to escalate privileges.
Are there any references related to CVE-2020-19305?
Yes, you can find references related to CVE-2020-19305 at the following links: [CWE-36](https://cwe.mitre.org/data/definitions/36.html) and [CodeAnalyse GitHub Issue](https://github.com/MRdoulestar/CodeAnalyse/issues/2).
- collector/nvd-index
- vendor/metinfo
- canonical/metinfo metinfo
- version/metinfo metinfo/7.0.0