CVE-2016-20023 MEDIUM

CVE-2016-20023

Vendor Cksource

Product CKFinder

Weakness CWE-23

Published December 5, 2025

Last update December 5, 2025

View on NVD All CVEs

CVSS base score

5.0/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided.

Key dates

02Disclosure timeline

December 5, 2025 CVE published

December 5, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2016-20023

Related vulnerabilities

CVE-2016-20023

01Description

02Disclosure timeline

03References

04Related CVE