What is the CVSS score of CVE-2020-36882?

CVE-2020-36882 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.2%.

Which versions of Diskboss are affected by CVE-2020-36882?

DiskBoss 7.7.14 contains a critical vulnerability allowing unauthenticated remote attackers to crash the application through malicious file uploads, potentially disrupting business operations and…

Is there a public PoC exploit available for CVE-2020-36882?

Yes, a public proof-of-concept exploit is available for CVE-2020-36882. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2020-36882?

Within 24 hours: identify all DiskBoss 7.7.14 instances in your environment and assess their exposure to untrusted networks. Within 7 days: implement network-level access controls to restrict DiskBoss connectivity or apply WAF rules blocking requests to the /Command/Search Files endpoint. Within 30 days: evaluate upgrade to a patched version, migrate to alternative file management software, or decommission the application if not business-critical.

Diskboss CVE-2020-36882

EUVD-2020-30829 HIGH

Unrestricted Upload of File with Dangerous Type (CWE-434)

2025-12-05 disclosure@vulncheck.com

File Upload Denial Of Service Diskboss

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2020-30829

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

PoC Detected

Dec 10, 2025 - 15:08 vuln.today

Public exploit code

CVE Published

Dec 05, 2025 - 18:15 nvd

HIGH 7.5

DescriptionCVE.org

Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application.

Analysis

Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application.

Technical ContextAI

Unrestricted file upload allows attackers to upload malicious files (web shells, executables) that can then be executed on the server. This vulnerability is classified as Unrestricted Upload of File with Dangerous Type (CWE-434).

RemediationAI

Validate file types by content (magic bytes), not just extension. Store uploads outside the web root. Use random filenames. Scan uploads for malware.

CVE-2020-36882 vulnerability details – vuln.today

Back

Diskboss CVE-2020-36882

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code