How to fix CVE-2016-20023?

Within 30 days: Identify affected systems running CKSource CKFinder and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Ckfinder affected by CVE-2016-20023?

Organizations using CKSource CKFinder should be aware of moderate risk from CVE-2016-20023 rated CVSS 5.0. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2016-20023

EUVD-2016-10801 MEDIUM

2025-12-05 [email protected]

5.0

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2016-10801

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

CVE Published

Dec 05, 2025 - 06:16 nvd

MEDIUM 5.0

Description

In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided.

Analysis

A remote code execution vulnerability in CKSource CKFinder (CVSS 5.0). Remediation should follow standard vulnerability management procedures.

Technical Context

CWE-23 (Relative Path Traversal). Affects CKSource CKFinder.

Affected Products

['CKSource CKFinder']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +25

POC: 0

CVE-2016-20023 vulnerability details – vuln.today

Back

CVE-2016-20023

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2016-20023

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code