CVE-2020-27386

HIGH

FlexDotnetCMS < 1.5.9 - Authenticated Arbitrary File Upload via FileManager and Rename Bypass

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-27386. PoCs have been published by Erik Wynter, including the Metasploit module exploits/windows/http/flexdotnetcms_upload_exec.

AI-analyzed exploit summary: This Metasploit module exploits an arbitrary file upload vulnerability in FlexDotnetCMS v1.5.8 and prior by uploading a TXT file and renaming it to an ASP file, achieving remote code execution.

Description

An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>.

Exploits (1)

metasploit WORKING POC EXCELLENT
by Erik Wynter · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/flexdotnetcms_upload_exec.rb

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: FlexDotnetCMS v1.5.8 and prior
Auth required
Prerequisites: Valid credentials for a FlexDotnetCMS user with FileManager permissions
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.9
Exploit, Third Party Advisory x_refsource_misc
https://blog.vonahi.io/whats-in-a-re-name/
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/rapid7/metasploit-framework/pull/14339

Scores

CVSS v3 8.8
EPSS 0.7287
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-434
Status published
Products (1)
flexdotnetcms_project/flexdotnetcms < 1.5.9
Published Nov 12, 2020
Tracked Since Feb 18, 2026