CVE-2020-37023

HIGH

Koken CMS 0.22.24 - Authenticated Unrestricted Upload of File with Dangerous Type via File Extension Manipulation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37023. PoCs published by V1n1v131r4.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in Koken CMS 0.22.24 by bypassing the whitelist-based file extension restriction via Burp Suite manipulation. The attacker uploads a malicious PHP file disguised as an image, leading to remote code execution (RCE).

Description

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy and changing the file extension.

Exploits (1)

exploitdb WORKING POC
by V1n1v131r4 · textwebappsphp
https://www.exploit-db.com/exploits/48706

This exploit demonstrates an arbitrary file upload vulnerability in Koken CMS 0.22.24 by bypassing the whitelist-based file extension restriction via Burp Suite manipulation. The attacker uploads a malicious PHP file disguised as an image, leading to remote code execution (RCE).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Koken CMS 0.22.24
Auth required
Prerequisites: Authenticated access to Koken CMS · Burp Suite or similar proxy tool · Ability to upload files
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/48706
Various Sources product
http://koken.me/

Scores

CVSS v3 8.8
EPSS 0.0060
EPSS Percentile 44.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Published Jan 30, 2026
Tracked Since Feb 18, 2026