CVE-2020-11579
HIGHChadha PHPKB 9.0 Enterprise Edition - Unauthenticated Local File Disclosure via Installer Test Connection
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2020-11579. PoCs published by ShielderSec.
AI-analyzed exploit summary This PoC exploits CVE-2020-11579, an arbitrary file disclosure vulnerability in PHPKB via a rogue MySQL server. It leverages the LOAD DATA LOCAL feature to exfiltrate files from the target system.
Description
An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.
Exploits (1)
This PoC exploits CVE-2020-11579, an arbitrary file disclosure vulnerability in PHPKB via a rogue MySQL server. It leverages the LOAD DATA LOCAL feature to exfiltrate files from the target system.
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N