CVE-2020-35370

HIGH

Raysync < 3.3.3.8 - Path Traversal

Title source: rule

Description

An RCE vulnerability exists in Raysync versions below 3.3.3.8. An unauthenticated, unauthorized attacker who sends a specially crafted request to overwrite a specific file on the server with malicious content can log in as "admin" and then modify a specific shell file to achieve remote code execution (RCE) on the hosting server.

Exploits (1)

exploitdb WORKING POC
by james · text · webapps · linux
https://www.exploit-db.com/exploits/49265

Scores

CVSS v3 8.8
EPSS 0.0553
EPSS Percentile 90.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
raysync/raysync < 3.3.3.8
Published Dec 23, 2020
Tracked Since Feb 18, 2026