CVE-2020-26806

admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://packetstormsecurity.com/files/163709/ObjectPlanet-Opinio-7.13-Shell-Upload.html	Exploit Third Party Advisory VDB Entry
https://www.objectplanet.com/opinio/changelog.html	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:objectplanet:opinio:*:*:*:*:*:*:*:*

History

09 Aug 2021, 19:00

Type	Values Removed	Values Added
CWE		CWE-434
CPE		cpe:2.3:a:objectplanet:opinio::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 8.8
References	~~(MISC) https://packetstormsecurity.com/files/163709/ObjectPlanet-Opinio-7.13-Shell-Upload.html -~~	(MISC) https://packetstormsecurity.com/files/163709/ObjectPlanet-Opinio-7.13-Shell-Upload.html - Exploit, Third Party Advisory, VDB Entry
References	~~(CONFIRM) https://www.objectplanet.com/opinio/changelog.html -~~	(CONFIRM) https://www.objectplanet.com/opinio/changelog.html - Release Notes, Vendor Advisory

31 Jul 2021, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-07-31 17:15

Updated : 2023-12-10 13:55

NVD link : CVE-2020-26806

Mitre link : CVE-2020-26806

CVE.ORG link : CVE-2020-26806

JSON object : View

Products Affected

objectplanet

opinio

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2020-26806", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-07-31T17:15:07.913", "references": [{"url": "https://packetstormsecurity.com/files/163709/ObjectPlanet-Opinio-7.13-Shell-Upload.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.objectplanet.com/opinio/changelog.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code."}, {"lang": "es", "value": "El archivo admin/file.do en ObjectPlanet Opinio versiones anteriores a 7.15, permite una carga de Archivos no Restringidos de archivos JSP ejecutables, resultando en una ejecuci\u00f3n de c\u00f3digo remota, porque filePath puede tener un salto de directorio y fileContent puede ser c\u00f3digo JSP v\u00e1lido"}], "lastModified": "2022-06-28T14:11:45.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:objectplanet:opinio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "785F075F-FA8B-4CCC-B3DD-89C29C436F89", "versionEndExcluding": "7.15"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}