CVE-2020-21522

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0020%

EPSS Percentile17.51th

PublishedSep 30, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.

Affected Platforms (CPE)

📦

Halo

= 1.1.3

References & Advisories

🔗 https://github.com/halo-dev/halo/issues/418

Related Vulnerabilities

CVE-2020-215269.8

An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal ch...

CVE-2020-215239.8

A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be ...

CVE-2019-153119.8

An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Hal...

CVE-2020-189809.8

Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.