Main Vulnerability Database Exploits ID:8544 - Exploit for UNIX symbolic link following in Archive_Tar - CVE-2020-36193

ID:8544 - Exploit for UNIX symbolic link following in Archive_Tar - CVE-2020-36193

Published: October 27, 2022

Vulnerability identifier: #VU49907

Vulnerability risk: High

CVE-ID: CVE-2020-36193

CWE-ID: CWE-61

Exploitation vector: Remote access

Vulnerable software:
Archive_Tar

Link to public exploit:

CVE-2020-36193.txt

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a symlink following issue in tar.php file in Archive_Tar. A remote attacker can pass specially crafted archive to the application and force the application to overwrite arbitrary files on the system using directory traversal sequences.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Remediation

Install updates from vendor's website.

ID:8544 - Exploit for UNIX symbolic link following in Archive_Tar - CVE-2020-36193

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human