CVE-2020-25790

HIGH

Typesetter CMS 5.0-5.1 - Authenticated Remote Code Execution via ZIP Archive Upload


Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-25790. PoCs published by Rodolfo Tavares and 7Mitu.

AI-analyzed exploit summary: This exploit demonstrates arbitrary code execution in Typesetter CMS 5.1 by uploading a malicious ZIP file containing a PHP payload via the admin interface, then extracting and executing it. It requires valid admin credentials and interacts with the CMS's file management functionality.

Description

Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2.

Exploits (2)

exploitdb · WORKING POC
by Rodolfo Tavares · python · webapps · php
https://www.exploit-db.com/exploits/48906


Classification
Working PoC (95% confidence)
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Typesetter CMS 5.1
Auth required
Prerequisites: Valid admin credentials · Network access to the Typesetter CMS admin interface
devstral-2 · analyzed Feb 16, 2026

nomisec · WRITEUP · 4 stars
by 7Mitu · poc
https://github.com/7Mitu/CVE-2020-25790

This repository provides a Docker environment for reproducing CVE-2020-25790, a file upload vulnerability in Typesetter CMS. It includes setup instructions and a demonstration of the exploit process.

Classification
Writeup (90% confidence)
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target: Typesetter CMS 5.1
Auth required
Prerequisites: Docker · Typesetter CMS credentials (admin:admin)
devstral-2 · analyzed Feb 16, 2026

References (3)

Third Party Advisory (x_refsource_misc): https://github.com/Typesetter/Typesetter/issues/674
Mailing List, Third Party Advisory (mailing-list, x_refsource_fulldisc): http://seclists.org/fulldisclosure/2020/Oct/11
Exploit, Third Party Advisory, VDB Entry (x_refsource_misc): http://packetstormsecurity.com/files/159615/Typesetter-CMS-5.1-Remote-Code-Execution.html

Scores

CVSS v3: 7.2 (High)
EPSS: 0.1558
EPSS Percentile: 96.4%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-434 (Unrestricted Upload of File with Dangerous Type)
Status: published
Products (1): typesettercms/typesetter 5.0 - 5.1
Published: Sep 19, 2020
Tracked Since: Feb 18, 2026