CVE-2020-20495

9.1 CRITICAL

📋 TL;DR

CVE-2020-20495 is an arbitrary file deletion vulnerability in Bludit CMS v3.13.0's backup plugin. Attackers can delete any file on the server by manipulating the 'deleteBackup' parameter. This affects all Bludit installations running the vulnerable version with the backup plugin enabled.

💻 Affected Systems

Products:
  • Bludit CMS
Versions: v3.13.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the backup plugin to be enabled/accessible. Earlier versions may also be affected, but this is not confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via deletion of critical system files, leading to service disruption, data loss, or privilege escalation by deleting authentication files.

🟠 Likely Case

Website defacement or data loss through deletion of web application files, configuration files, or user content.

🟢 If Mitigated

Limited impact if proper file permissions restrict web user access to critical system files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication to access the backup plugin functionality. Proof-of-concept available in GitHub issues.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.13.1

Vendor Advisory: https://github.com/bludit/bludit/releases/tag/3.13.1

Restart Required: No

Instructions:

1. Download Bludit v3.13.1 or later from the official repository.
2. Back up the current installation.
3. Replace all files except the /bl-content/ and /bl-plugins/ directories.
4. Verify functionality.

🔧 Temporary Workarounds

Disable Backup Plugin (linux)

Temporarily disable the vulnerable backup plugin to prevent exploitation.

mv /path/to/bludit/bl-plugins/backup /path/to/bludit/bl-plugins/backup.disabled

Restrict Plugin Access (all)

Use web server configuration to block access to backup plugin endpoints.

# Apache: Add to .htaccess
# Note: <Files> matches only a file literally named backup.php; confirm the
# plugin's actual entry point before relying on this rule.
<Files "backup.php">
    # Apache 2.2 syntax; on Apache 2.4 use "Require all denied" instead
    Order Allow,Deny
    Deny from all
</Files>
# Nginx: Add to server block
location ~* /admin/backup {
    deny all;
}

🧯 If You Can't Patch

  • Disable or remove the backup plugin entirely.
  • Implement strict file permission controls to limit the web server user's ability to delete critical files.

🔍 How to Verify

Check if Vulnerable:

Check whether the installation is running Bludit v3.13.0 and the backup plugin exists in the /bl-plugins/backup/ directory.

Check Version:

grep "define('BLUDIT_VERSION'" /path/to/bludit/bl-kernel/boot/version.php

Verify Fix Applied:

Verify version is v3.13.1 or later via admin panel or checking version file.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /admin/backup with deleteBackup parameter
  • File deletion events in system logs from web server process

Network Indicators:

  • POST requests to backup endpoints with suspicious parameters

SIEM Query:

source="web_access.log" AND (uri_path="/admin/backup" AND (param="deleteBackup" OR method="POST"))
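The log indicators above can be checked offline against web server access logs. The following is an added example, not part of this advisory or of Bludit: it parses Combined Log Format lines, takes the /admin/backup path and the deleteBackup parameter name from the indicators listed above, and flags any deleteBackup value that is not a plain file name (path separators, traversal sequences, or encoded variants). It only sees query-string parameters; POST bodies are not in access logs and need a WAF or application log.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined Log Format; the sample lines below are constructed, not real traffic.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
# What a legitimate backup file name is expected to look like (assumption).
SAFE_NAME = re.compile(r'^[A-Za-z0-9][A-Za-z0-9._-]*$')

SAMPLE_LOG = [  # constructed sample lines
    '203.0.113.7 - - [10/Oct/2020:13:55:36 +0000] "GET /admin/backup?deleteBackup=backup-20201010.zip HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2020:13:56:01 +0000] "GET /admin/backup?deleteBackup=..%2F..%2Fexample.txt HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2020:13:57:12 +0000] "GET /admin/backup?deleteBackup=%252e%252e%252fexample.txt HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Oct/2020:14:01:00 +0000] "GET /index.php HTTP/1.1" 200 2048',
]


def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious_name(value):
    """True unless the value is a plain file name with no path component."""
    v = decode_fully(value).replace('\\', '/')
    return '..' in v or '/' in v or '\x00' in v or not SAFE_NAME.match(v)


def find_backup_deletions(lines):
    """Return (ip, method, decoded value) for suspicious deleteBackup requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a log line we understand
        parts = urlsplit(m['target'])
        if not decode_fully(parts.path).startswith('/admin/backup'):
            continue
        for value in parse_qs(parts.query).get('deleteBackup', []):
            if is_suspicious_name(value):
                hits.append((m['ip'], m['method'], decode_fully(value)))
    return hits


if __name__ == '__main__':
    for hit in find_backup_deletions(SAMPLE_LOG):
        print('suspicious deleteBackup request:', hit)
```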
