CVE-2020-17462

7.8 HIGH

📋 TL;DR

CMS Made Simple 2.2.14 allows authenticated users to upload malicious .ptar files through the File Manager, potentially leading to arbitrary code execution. This affects all installations running the vulnerable version with authenticated user accounts. The vulnerability is similar to CVE-2017-16798 but targets a different file extension.

💻 Affected Systems

Products:
  • CMS Made Simple
Versions: 2.2.14 and possibly earlier versions
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user with file upload permissions in the CMS admin interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker uploads a malicious .ptar file containing PHP code, gains remote code execution, and takes full control of the web server.

🟠 Likely Case

Authenticated users with file upload privileges upload webshells or malware to compromise the CMS installation.

🟢 If Mitigated

With proper file extension filtering and user privilege restrictions, impact is limited to file system access within upload directories.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authenticated access to the CMS admin panel. Public exploit code is available on Exploit-DB.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.2.15 or later

Vendor Advisory: https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=83485

Restart Required: No

Instructions:

1. Back up your CMS installation and database.
2. Download CMS Made Simple 2.2.15 or later from the official website.
3. Replace all files except uploads and config.php.
4. Run the upgrade script if prompted.
5. Verify the installation works correctly.

🔧 Temporary Workarounds

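Block .ptar file uploads via .htaccess (linux)

Add .ptar to the blocked file extensions in the Apache configuration. The rule below denies HTTP requests for files ending in .ptar; it does not reject the upload itself.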

<FilesMatch "\.ptar$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

Restrict file upload permissions (all)

Remove file upload permissions from non-admin users in the CMS admin panel.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block .ptar file uploads
  • Disable file upload functionality entirely for all users

🔍 How to Verify

Check if Vulnerable:

Check CMS version in admin panel or look for version in /admin/login.php source code

Check Version:

Check admin panel dashboard or view source of login page for version string

Verify Fix Applied:

After patching, attempt to upload a .ptar file through the File Manager - it should be rejected

📡 Detection & Monitoring

Log Indicators:

  • File upload attempts with .ptar extension in web server logs
  • Unauthorized file creation in upload directories

Network Indicators:

  • POST requests to file upload endpoints with .ptar files
  • Unusual outbound connections from web server

SIEM Query:

source="web_logs" AND (uri_path="*admin*" OR uri_path="*upload*") AND file_extension=".ptar"
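
The two log indicators above can be checked directly on the server. The script below is an added example, not part of the advisory or of CMS Made Simple: it scans combined-format access log lines for requests whose path ends in .ptar and sweeps a directory for .ptar files on disk. The log lines are constructed samples and the `uploads` directory name is an assumption. A standard access log does not record the filename inside a multipart upload body, so the log check catches requests for .ptar paths rather than the upload POST itself.

```python
import os
import re
from urllib.parse import unquote, urlsplit

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
EXT = ".ptar"

def ptar_requests(lines):
    """Return (client, method, path, status) for requests whose path ends in .ptar."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        client, method, target, status = m.groups()
        # Drop the query string and decode percent-escapes such as %2E.
        path = unquote(urlsplit(target).path)
        if path.lower().endswith(EXT):
            hits.append((client, method, path, int(status)))
    return hits

def find_ptar_files(root):
    """Walk a directory tree and return every file whose name ends in .ptar."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        found += [os.path.join(dirpath, f) for f in files if f.lower().endswith(EXT)]
    return sorted(found)

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Aug/2020:12:00:01 +0000] "POST /admin/login.php HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [10/Aug/2020:12:00:09 +0000] "GET /uploads/images/a.ptar?x=1 HTTP/1.1" 200 87 "-" "-"',
    '198.51.100.4 - - [10/Aug/2020:12:01:00 +0000] "GET /uploads/b%2Eptar HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.4 - - [10/Aug/2020:12:02:00 +0000] "GET /uploads/logo.png HTTP/1.1" 200 4096 "-" "-"',
]

if __name__ == "__main__":
    for hit in ptar_requests(SAMPLE_LOG):
        print("request:", hit)
    for path in find_ptar_files("uploads"):  # assumed path, relative to the CMS root
        print("file on disk:", path)
```

A 200 status on a .ptar path means the file was served and should be investigated; a 403 is consistent with the FilesMatch workaround being active.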
