CVE-2020-37080
📋 TL;DR
CVE-2020-37080 is a critical file deletion vulnerability in webTareas 2.0.p8 that allows authenticated attackers to delete arbitrary files on the server by manipulating the 'atttmp1' parameter in print_layout.php. This affects all installations of webTareas 2.0.p8, potentially allowing attackers to delete critical system files, configuration files, or application data.
💻 Affected Systems
- webTareas
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through deletion of critical system files (like /etc/passwd, /etc/shadow, or Windows system files), leading to system crashes, data loss, or enabling further attacks.
Likely Case
Application disruption through deletion of configuration files, user data, or web content, causing service outages and data loss.
If Mitigated
Limited impact if proper file permissions and access controls prevent deletion of critical files, though application-specific files remain vulnerable.
🎯 Exploit Status
Exploit code is publicly available on Exploit-DB (ID 48430). Attack requires authentication but is trivial to execute once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: No official vendor advisory found
Restart Required: No
Instructions:
No official patch available. Consider upgrading to a newer version if available, or apply workarounds. The project appears to be abandoned on SourceForge.
🔧 Temporary Workarounds
Remove vulnerable component
All platforms: Delete or rename the vulnerable print_layout.php file to prevent exploitation
mv /path/to/webtareas/print_layout.php /path/to/webtareas/print_layout.php.bak
Restrict file permissions
Linux: Set strict file permissions on critical system directories to prevent deletion
chmod 755 /etc
chmod 600 /etc/shadow
chmod 644 /etc/passwd
🧯 If You Can't Patch
- Implement strict access controls and limit administrative access to trusted users only
- Deploy web application firewall (WAF) rules to block requests containing file deletion patterns
🔍 How to Verify
Check if Vulnerable:
Check if webTareas 2.0.p8 is installed and if print_layout.php exists in the installation directory
Check Version:
Check webTareas configuration files or admin interface for version information
Verify Fix Applied:
Verify print_layout.php has been removed/renamed or that file permissions prevent arbitrary file deletion
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to print_layout.php with 'atttmp1' parameter containing file paths
- File deletion events in system logs following web requests
Network Indicators:
- POST/GET requests to print_layout.php with suspicious file paths in parameters
SIEM Query:
web.url: "*print_layout.php*" AND (web.param: "*atttmp1=*" OR web.param: "*../*" OR web.param: "*/etc/*")
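The log indicators above, applied to access-log lines as an added example (this is not code from the advisory or from the webTareas project). It assumes the Apache/nginx "combined" log format; the installation path, client addresses and log lines are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx "combined" access-log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_path(value: str) -> bool:
    """A legitimate temp-file name should never contain traversal or an absolute path."""
    decoded = unquote(value)  # parse_qs already decoded once; a second pass catches double encoding
    return "../" in decoded or "..\\" in decoded or decoded.startswith("/") or "/etc/" in decoded

def check_line(line: str):
    """Return a finding for a request to print_layout.php whose atttmp1 looks like a path, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("path"))
    if not url.path.endswith("/print_layout.php"):
        return None
    # Only query-string parameters are visible in an access log; a POST body
    # carrying atttmp1 would need application-level or WAF logging to be seen.
    for value in parse_qs(url.query, keep_blank_values=True).get("atttmp1", []):
        if suspicious_path(value):
            return {"ip": m.group("ip"), "time": m.group("time"),
                    "method": m.group("method"), "status": int(m.group("status")),
                    "atttmp1": unquote(value)}
    return None

def scan(lines):
    """Apply check_line to every line and keep the findings."""
    return [hit for hit in map(check_line, lines) if hit]

# Constructed sample log lines (installation path and addresses are made up).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2021:10:15:02 +0000] "GET /webtareas/print_layout.php?atttmp1=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - alice [10/Mar/2021:10:16:40 +0000] "GET /webtareas/print_layout.php?atttmp1=tmp_4711.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - alice [10/Mar/2021:10:17:01 +0000] "GET /webtareas/index.php HTTP/1.1" 200 7321 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2021:10:18:22 +0000] "GET /webtareas/print_layout.php?atttmp1=%252e%252e%252f%252e%252e%252fconfig.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit is worth correlating with file-deletion events on the host (the second log indicator above) rather than treated as proof of exploitation on its own.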