CVE-2020-15050

HIGH NUCLEI

Suprema BioStar 2 <2.8.2 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-15050. PoCs published by SITE Team. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Bio Star 2's Video Extension up to version 2.8.2. It uses a simple bash script with curl to fetch arbitrary files from the target system via path traversal.

Description

An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.

Exploits (1)

exploitdb WORKING POC
by SITE Team · textwebappsmultiple
https://www.exploit-db.com/exploits/48708

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Bio Star 2's Video Extension up to version 2.8.2. It uses a simple bash script with curl to fetch arbitrary files from the target system via path traversal.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Bio Star 2, Video Extension up to version 2.8.2
No auth needed
Prerequisites: Target system running vulnerable Bio Star 2 Video Extension · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Suprema BioStar <2.8.2 - Local File Inclusion
HIGHby gy741

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/158576/Bio-Star-2.8.2-Local-File-Inclusion.html

Scores

CVSS v3 7.5
EPSS 0.5073
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
supremainc/biostar_2 < 2.8.2
Published Jul 13, 2020
Tracked Since Feb 18, 2026