CVE-2020-20907 – MetInfo 7.0 beta contains a path traversal vuln... (How to Fix)

Q: What is the severity of CVE-2020-20907?

CVE-2020-20907 has a CVSS score of 9.1 (CRITICAL). MetInfo 7.0 beta contains a path traversal vulnerability that allows attackers to delete and modify critical INI configuration files. This affects all installations of MetInfo 7.0 beta content management system. Attackers can exploit this to manipulate system settings and potentially gain administrative access.

📋 TL;DR

MetInfo 7.0 beta contains a path traversal vulnerability that allows attackers to delete and modify critical INI configuration files. This affects all installations of MetInfo 7.0 beta content management system. Attackers can exploit this to manipulate system settings and potentially gain administrative access.

💻 Affected Systems

Products:

MetInfo CMS

Versions: 7.0 beta

Operating Systems: All platforms running PHP

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects MetInfo 7.0 beta version. Stable releases may not be affected.

📦 What is this software?

Metinfo by Metinfo

View all CVEs affecting Metinfo →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through configuration file manipulation leading to remote code execution, data destruction, or persistent backdoor installation.

🟠

Likely Case

Unauthorized modification of system settings, privilege escalation to admin access, or disruption of website functionality.

🟢

If Mitigated

Limited impact with proper file permission controls and web application firewalls blocking path traversal attempts.

🌐 Internet-Facing: HIGH - Web applications are directly accessible and vulnerable to unauthenticated attacks.

🏢 Internal Only: MEDIUM - Internal systems still vulnerable but attack surface reduced compared to internet-facing deployments.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public GitHub issues demonstrate exploitation techniques. Simple path traversal attacks can modify critical configuration files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.0 stable or later versions

Vendor Advisory: Not specified in provided references

Restart Required: No

Instructions:

1. Upgrade to MetInfo 7.0 stable or later version. 2. Replace vulnerable files: app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php with patched versions. 3. Verify file permissions are properly set.

🔧 Temporary Workarounds

File Permission Restriction

linux

Set strict file permissions on INI configuration files to prevent modification

chmod 644 app/system/language/admin/language_general.class.php
chmod 644 app/system/include/function/file.func.php

Web Application Firewall Rules

all

Block path traversal patterns in web requests

🧯 If You Can't Patch

Implement strict file system permissions (read-only for web user on configuration files)
Deploy web application firewall with path traversal detection rules

🔍 How to Verify

Check if Vulnerable:

Check MetInfo version in admin panel or by examining version files. If version is 7.0 beta, system is vulnerable.

Check Version:

Check admin panel or examine /app/system/version.php file

Verify Fix Applied:

Verify file modification dates and permissions on vulnerable files. Test if path traversal attempts are blocked.

📡 Detection & Monitoring

Log Indicators:

Multiple failed attempts to access path traversal patterns
Unauthorized file modification attempts in system logs
Requests containing '../' patterns targeting INI files

Network Indicators:

HTTP requests with path traversal sequences targeting vulnerable file paths
Unusual POST requests to file manipulation endpoints

SIEM Query:

web.url:*../app/system/language/admin/language_general.class.php OR web.url:*../app/system/include/function/file.func.php

📊 Metadata

CVE ID: CVE-2020-20907

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE: CWE-22

Published: May 24, 2021

Last Updated: November 21, 2024

🔗 References

https://cwe.mitre.org/data/definitions/23.html Third Party Advisory
https://github.com/cby234/cve_request/issues/1 Exploit,Issue Tracking,Third Party Advisory
https://github.com/cby234/cve_request/issues/2 Exploit,Issue Tracking,Third Party Advisory
https://cwe.mitre.org/data/definitions/23.html Third Party Advisory
https://github.com/cby234/cve_request/issues/1 Exploit,Issue Tracking,Third Party Advisory
https://github.com/cby234/cve_request/issues/2 Exploit,Issue Tracking,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-20907, you might also want to check these: