CVEFinder.io

CVE-2020-11579

⚠️ high
Summary

An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.

CVSS Score: 7.5 (High)
EPSS Score: 36.7 (Exploit Probability)
Published Date: 2020-09-03
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.0% of all 325,576 vulnerabilities in our database.

#100,963
Above average severity
Severity Percentile
Last Modified: 2024-11-21
Source: NVD
CVSS Vector 3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE IDs (Weakness Types)

📦 Affected Products 1

🔗 References 4

https://shielder.it/
Third Party Advisory

🔗 Related CVEs 6

| CVE ID | Severity | CVSS | EPSS | Summary | Published |
|---|---|---|---|---|---|
| CVE-2020-10386 | ⚠️ high | 7.2 | 18.7 | admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Exe... | 2020-03-12 |
| CVE-2020-10387 | 🔶 medium | 4.9 | 12.8 | Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files... | 2020-03-12 |
| CVE-2020-10388 | 🔶 medium | 5.4 | 0.3 | The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execu... | 2020-03-12 |
| CVE-2020-10389 | ⚠️ high | 7.2 | 9.0 | admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by i... | 2020-03-12 |
| CVE-2020-10390 | ⚠️ high | 7.2 | 4.7 | OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Stand... | 2020-03-12 |
| CVE-2020-10391 | 🔶 medium | 4.8 | 0.3 | The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting a... | 2020-03-12 |

These CVEs affect the same products