What is CVE-2020-27304?

CVE-2020-27304 is a critical-severity vulnerability in Civetweb_project Civetweb, classified under Relative Path Traversal. CVSS score: 9.8/10. Published 2021-10-21.

How severe is CVE-2020-27304?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Path Traversal in Civetweb_project Civetweb

CVE-2020-27304

The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file u…

EPSS: 0.031 (86.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Civetweb_project Civetweb — versions 1.15, 1.8
Siemens Sinec_infrastructure_network_services

Weakness classification (CWE)

References

vuln@vdoo.com (Exploit, Third Party Advisory, x_refsource_MISC)
vuln@vdoo.com (Mailing List, Third Party Advisory, x_refsource_MISC)
vuln@vdoo.com (x_refsource_CONFIRM, Patch, Third Party Advisory)
vuln@vdoo.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-27304?: CVE-2020-27304 is a critical-severity vulnerability in Civetweb_project Civetweb, classified under Relative Path Traversal. CVSS score: 9.8/10. Published 2021-10-21.
How severe is CVE-2020-27304?: Critical severity. CVSS v3 base score is 9.8 out of 10.