CVE-2020-37023

Koken CMS version 0.22.24 is affected by CVE-2020-37023, a file upload vulnerability that enables authenticated attackers to bypass file extension restrictions. By renaming malicious PHP files, attackers can upload payloads with system command execution capabilities through manipulated file upload requests, such as those proxied via a web proxy to alter the extension. The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

Authenticated users with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low complexity and no user interaction required. Successful exploitation allows attackers to achieve remote code execution by uploading and executing arbitrary PHP files, leading to high confidentiality, integrity, and availability impacts, such as full server compromise.

Advisories and references, including those from Vulncheck, Exploit-DB (exploit 48706), and a GitHub repository detailing the bypass, provide technical details on the issue but do not specify official patches in the available information. Security practitioners should consult the Koken CMS site and related resources for any updates or mitigation guidance.

Public proof-of-concept exploits are available on Exploit-DB and GitHub, indicating potential for real-world abuse, though no widespread exploitation has been reported in the provided data.