What is CVE-2020-35580?

CVE-2020-35580 is a vulnerability in N/a. Published 2021-05-20.

Is CVE-2020-35580 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-35580

A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additiona…

EPSS: 0.834 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates

References

developer.searchblox.com/docs/getting-started-with-searchblox (x_refsource_MISC)
hateshape.github.io/general/2021/05/11/CVE-2020-35580.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-35580?: CVE-2020-35580 is a vulnerability in N/a. Published 2021-05-20.
Is CVE-2020-35580 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.