CVE-2020-11579

HIGH

Chadhaajay Phpkb - Missing Authentication

Title source: rule

Description

An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.

Exploits (1)

nomisec WORKING POC 25 stars
by ShielderSec · poc
https://github.com/ShielderSec/CVE-2020-11579

References (4)

Core References
Third Party Advisory x_refsource_misc
https://shielder.it/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/ShielderSec/CVE-2020-11579
Exploit, Third Party Advisory x_refsource_misc
https://www.shielder.it/blog/mysql-and-cve-2020-11579-exploitation/
Product x_refsource_misc
https://www.phpkb.com

Scores

CVSS v3 7.5
EPSS 0.5135
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-306
Status published
Products (1)
chadhaajay/phpkb 9.0
Published Sep 03, 2020
Tracked Since Feb 18, 2026