CVE-2020-29597
published 2020-12-07

Priority: P1 89, critical; CVSS 3.1 base score 9.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation status: exploited in the wild (ITW); public exploit available; listed in VulnCheck KEV
EPSS: 71.67% (99.3 percentile)
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.

Affected (1 range)

Vendor: incomcms_project
Product: incomcms
Version range: (not listed)
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

path: /incom/modules/uploader/showcase/script.php
path: /upload/userfiles/image/
  • Detect unauthenticated POST requests to the vulnerable upload endpoint at modules/uploader/showcase/script.php; no authentication is required, making any POST to this path suspicious.
  • Monitor for the multipart form-data field name 'Filedata' in POST requests to script.php, as this is the parameter used to upload arbitrary files.
  • Monitor GET requests to /upload/userfiles/image/ for files uploaded via the exploit, which may be used for subsequent remote code execution.
  • Use the Google Dork 'intext:"Incom CMS 2.0"' to identify publicly exposed vulnerable instances.
  • The exploit uses a static multipart boundary value; however, real-world attackers may vary this boundary string, so detection should not rely solely on the exact boundary value.
  • The upload path prefix '/incom/' in the Nuclei template may vary depending on the deployment; the vulnerable script path relative to the web root is modules/uploader/showcase/script.php.

CVSS provenance

NVD (CVSS v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD (CVSS v2.0): 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
VulnCheck: 9.8 CRITICAL