Directory Traversal Vulnerability in CivetWeb Web Library
CVE-2020-27304
9.8 CRITICAL
What is CVE-2020-27304?
The CivetWeb web library is vulnerable to directory traversal when handling file uploads through the mg_handle_form_request API on non-Windows operating systems. The library does not validate the file paths of uploaded files, so web applications that use this file upload mechanism are exposed. By manipulating the output path through user-controlled filename components, an attacker can potentially access unauthorized files within the server's directory structure.
Affected Version(s)
civetweb 1.8
civetweb 1.15
