Imcat
CVE-2020-23520
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality.
AnalysisAI
imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. Affected products include: Txjia Imcat.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
An issue was discovered in imcat 4.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no
imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.ph
imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI. Rated high sev
imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI. Rated high severity (CVSS 7.5), thi
imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. Rated medium severity (CVSS 6.1),
imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. Rated medium severity (CVSS 5.4), this vul
imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/che
imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.p
imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. Rated medium severity (CVSS 4.9), this vu
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today