CVE-2020-21526

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1990%

EPSS Percentile29.65th

PublishedSep 30, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.

Affected Platforms (CPE)

📦

Halo

= 1.1.3

References & Advisories

🔗 https://github.com/halo-dev/halo/issues/421

Related Vulnerabilities

CVE-2020-215229.8

An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite som...

CVE-2020-215239.8

A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be ...

CVE-2019-153119.8

An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Hal...

CVE-2020-189809.8

Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.