What is the CVSS score of EUVD-2020-30829?

EUVD-2020-30829 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.2%.

Which versions of Diskboss are affected by EUVD-2020-30829?

DiskBoss 7.7.14 contains a critical vulnerability allowing unauthenticated remote attackers to crash the application through malicious file uploads, potentially disrupting business operations and…

Is there a public PoC exploit available for EUVD-2020-30829?

Yes, a public proof-of-concept exploit is available for EUVD-2020-30829. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate EUVD-2020-30829?

Within 24 hours: identify all DiskBoss 7.7.14 instances in your environment and assess their exposure to untrusted networks. Within 7 days: implement network-level access controls to restrict DiskBoss connectivity or apply WAF rules blocking requests to the /Command/Search Files endpoint. Within 30 days: evaluate upgrade to a patched version, migrate to alternative file management software, or decommission the application if not business-critical.

Diskboss EUVD-2020-30829

| CVE-2020-36882 HIGH

Unrestricted Upload of File with Dangerous Type (CWE-434)

2025-12-05 disclosure@vulncheck.com

File Upload Denial Of Service Diskboss

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2020-30829

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

PoC Detected

Dec 10, 2025 - 15:08 vuln.today

Public exploit code

CVE Published

Dec 05, 2025 - 18:15 nvd

HIGH 7.5

DescriptionCVE.org

Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application.

Analysis

Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application.

Technical ContextAI

Unrestricted file upload allows attackers to upload malicious files (web shells, executables) that can then be executed on the server. This vulnerability is classified as Unrestricted Upload of File with Dangerous Type (CWE-434).

RemediationAI

Validate file types by content (magic bytes), not just extension. Store uploads outside the web root. Use random filenames. Scan uploads for malware.

EUVD-2020-30829 vulnerability details – vuln.today

Back

Diskboss EUVD-2020-30829

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code