CVE-2020-11579

EUVD-2020-3929
An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
chadhaajayphpkb
9.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/ShielderSec/CVE-2020-11579
https://shielder.it/
https://www.phpkb.com
https://www.shielder.it/blog/mysql-and-cve-2020-11579-exploitation/
https://github.com/ShielderSec/CVE-2020-11579
https://shielder.it/
https://www.phpkb.com
https://www.shielder.it/blog/mysql-and-cve-2020-11579-exploitation/