CVE-2020-13894

CVE-2020-13894

EPSS 1.1%

handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/kbgsft/vuln-dext5editor/wiki/File-Download-vulnerability-in-DEXT5Editor-3.5.1402961-by-xcuter