CVE-2020-37080

CRITICAL

webTareas 2.0.p8 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37080. PoCs published by Besim.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file deletion vulnerability in webTareas 2.0.p8 via the `print_layout.php` endpoint. The attacker manipulates the `atttmp1` parameter to trigger the `unlink` function, allowing deletion of files on the server.

Description

webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to specify and delete files on the server through an unauthenticated file deletion mechanism.

Exploits (1)

exploitdb WORKING POC
by Besim · text · webapps · php
https://www.exploit-db.com/exploits/48430

Classification: Working PoC 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: webTareas v2.0.p8
Auth required
Prerequisites: Authenticated session (valid cookies) · Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/48430

Scores

CVSS v3 9.8
EPSS 0.0033
EPSS Percentile 24.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-73
Status published
Products (1)
luiswang/webTareas 2.0.p8
Published Feb 03, 2026
Tracked Since Feb 18, 2026