How to fix CVE-2020-37080?

Within 24 hours: Immediately restrict access to print_layout.php via firewall/WAF rules and disable the print layout administration feature if operationally feasible. Within 7 days: Conduct a full audit of file deletion logs and system changes; implement network segmentation to limit admin component access. Within 30 days: Monitor vendor advisories for patch availability and establish a remediation timeline; consider application replacement or significant architectural changes if patching remains unavailable.

Is PHP affected by CVE-2020-37080?

A critical vulnerability in the print_layout.php administration component allows attackers to delete arbitrary files on affected systems.

CVE-2020-37080

CRITICAL

2026-02-03 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 04, 2026 - 16:33 vuln.today

Public exploit code

CVE Published

Feb 03, 2026 - 22:16 nvd

CRITICAL 9.8

Description

webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to specify and delete files on the server through an unauthenticated file deletion mechanism.

Analysis

webTareas 2.0.p8 has an arbitrary file deletion vulnerability in the print_layout.php admin component enabling system disruption.

Technical Context

webTareas 2.0.p8 has a CWE-73 external file name control vulnerability in print_layout.php that allows authenticated administrators to delete arbitrary files on the server.

Affected Products

['webTareas 2.0.p8']

Remediation

Update webTareas. Restrict file operations to application directories.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +49

POC: +20

CVE-2020-37080 vulnerability details – vuln.today

Back

CVE-2020-37080

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2020-37080

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code