CVE-2020-27304 - AskarLabs CVE Database

CVE-2020-27304

Vendor Civetweb_Project

Product civetweb

Weakness CWE-23

Published October 21, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal

Key dates

02Disclosure timeline

October 21, 2021 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-27304 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/23.html

Related vulnerabilities

04Related CVE

CVE-2025-13161 IQ Service International｜IQ-Support - Arbitrary File Read CVE-2012-5972 SpecView Directory Traversal CVE-2025-59835 LangBot has a cross-directory file upload vulnerability, which could lead to system takeover CVE-2024-49062 Microsoft SharePoint Information Disclosure Vulnerability CVE-2026-8073 Kirki <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion via downloadZIP