CVE-2020-29597
published 2020-12-07CVE-2020-29597: IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files…
PriorityP189critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
71.67%
99.3th percentile
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| incomcms_project | incomcms | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated POST requests to the vulnerable upload endpoint at modules/uploader/showcase/script.php; no authentication is required, making any POST to this path suspicious. ↗
- →Monitor for the multipart form-data field name 'Filedata' in POST requests to script.php, as this is the parameter used to upload arbitrary files. ↗
- →Monitor GET requests to /upload/userfiles/image/ for files uploaded via the exploit, which may be used for subsequent remote code execution. ↗
- →Use the Google Dork 'intext:"Incom CMS 2.0"' to identify publicly exposed vulnerable instances. ↗
- ·The exploit uses a static multipart boundary value; however, real-world attackers may vary this boundary string, so detection should not rely solely on the exact boundary value. ↗
- ·The upload path prefix '/incom/' in the Nuclei template may vary depending on the deployment; the vulnerable script path relative to the web root is modules/uploader/showcase/script.php. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mwj2-cvrj-h6g4: IncomCMS 2
ghsa_unreviewed·2022-05-24
CVE-2020-29597 [CRITICAL] CWE-434 GHSA-mwj2-cvrj-h6g4: IncomCMS 2
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
VulnCheck
incomcms_project incomcms Unrestricted Upload of File with Dangerous Type
vulncheck·2020·CVSS 9.8
CVE-2020-29597 [CRITICAL] incomcms_project incomcms Unrestricted Upload of File with Dangerous Type
incomcms_project incomcms Unrestricted Upload of File with Dangerous Type
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
Affected: incomcms_project incomcms
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-25&host_type=src&vulnerability=cve-2020-29597; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-28&host_type=src&vulnerability=cve-2020-29597; https://dashboard.shadowserver.org/statistics/honeypot/vulnera
No detection rules found.
Exploit-DB
IncomCMS 2.0 - Insecure File Upload
exploitdb·2021-01-05·CVSS 9.8
CVE-2020-29597 [CRITICAL] IncomCMS 2.0 - Insecure File Upload
IncomCMS 2.0 - Insecure File Upload
---
# Exploit Title: IncomCMS 2.0 - Insecure File Upload
# Google Dork: intext:"Incom CMS 2.0"
# Date: 07.12.2020
# Exploit Author: MoeAlBarbari
# Vendor Homepage: https://www.incomcms.com/
# Version: 2.0
# Tested on: BackBox linux
# CVE: CVE-2020-29597
Upload your files
Upload your file
Nuclei
IncomCMS 2.0 - Arbitrary File Upload
nuclei·CVSS 9.8
CVE-2020-29597 [CRITICAL] IncomCMS 2.0 - Arbitrary File Upload
IncomCMS 2.0 - Arbitrary File Upload
IncomCMS 2.0 has a an insecure file upload vulnerability in modules/uploader/showcase/script.php. This allows unauthenticated attackers to upload files into the server.
Template:
id: CVE-2020-29597
info:
name: IncomCMS 2.0 - Arbitrary File Upload
author: princechaddha
severity: critical
description: |
IncomCMS 2.0 has a an insecure file upload vulnerability in modules/uploader/showcase/script.php. This allows unauthenticated attackers to upload files into the server.
impact: |
Successful exploitation of this vulnerability can result in unauthorized access, data leakage, and potential remote code execution.
remediation: |
Apply the latest security patch or update to a version that addresses the vulnerability.
reference:
- https://github.com/Trhackno/
http://packetstormsecurity.com/files/160784/Incom-CMS-2.0-File-Upload.htmlhttps://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2020-12-07-incom-insecure-up.mdhttps://m4dm0e.github.io/2020/12/07/incom-insecure-up.htmlhttp://packetstormsecurity.com/files/160784/Incom-CMS-2.0-File-Upload.htmlhttps://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2020-12-07-incom-insecure-up.mdhttps://m4dm0e.github.io/2020/12/07/incom-insecure-up.html
2020-12-07
Published
Exploited in the wild