CVE-2020-5640 – CVE-2020-5640 is a local file inclusion vulnera... (How to Fix)

Q: What is the severity of CVE-2020-5640?

CVE-2020-5640 has a CVSS score of 9.8 (CRITICAL). CVE-2020-5640 is a local file inclusion vulnerability in OneThird CMS that allows remote unauthenticated attackers to execute arbitrary code or access sensitive files. This affects all versions up to v1.96c, putting websites using this CMS at critical risk.

📋 TL;DR

CVE-2020-5640 is a local file inclusion vulnerability in OneThird CMS that allows remote unauthenticated attackers to execute arbitrary code or access sensitive files. This affects all versions up to v1.96c, putting websites using this CMS at critical risk.

💻 Affected Systems

Products:

OneThird CMS

Versions: v1.96c and earlier

Operating Systems: Any OS running PHP

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of affected versions are vulnerable by default.

📦 What is this software?

Onethird by Onethird

View all CVEs affecting Onethird →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through remote code execution, data theft, and complete website takeover.

🟠

Likely Case

Sensitive file disclosure including configuration files, database credentials, and user data.

🟢

If Mitigated

Limited impact if proper web application firewalls and file permission controls are implemented.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation makes internet-facing systems extremely vulnerable.

🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but attack surface is reduced.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Local file inclusion vulnerabilities typically have low exploitation complexity and can lead to RCE via log poisoning or PHP wrappers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.97 or later

Vendor Advisory: https://onethird.net/en/p1340.html

Restart Required: No

Instructions:

1. Download latest version from OneThird website. 2. Backup current installation. 3. Replace files with patched version. 4. Verify functionality.

🔧 Temporary Workarounds

Web Application Firewall

all

Implement WAF rules to block local file inclusion patterns

File Permission Restrictions

linux

Restrict web server permissions to prevent file inclusion

chmod 644 *.php
chmod 600 config files

🧯 If You Can't Patch

Isolate the CMS instance behind a reverse proxy with strict filtering
Implement network segmentation to limit lateral movement potential

🔍 How to Verify

Check if Vulnerable:

Check CMS version in admin panel or readme files

Check Version:

Check admin panel or view source for version info

Verify Fix Applied:

Verify version is v1.97 or later and test file inclusion attempts

📡 Detection & Monitoring

Log Indicators:

Unusual file path requests
PHP wrapper usage in URLs
Multiple ../ sequences in requests

Network Indicators:

HTTP requests with file inclusion patterns
Unusual file extensions in URLs

SIEM Query:

web.url:*php* AND (web.url:*../* OR web.url:*php://*)

📊 Metadata

CVE ID: CVE-2020-5640

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: October 20, 2020

Last Updated: November 21, 2024

🔗 References

https://jvn.jp/en/vu/JVNVU99467898/index.html Patch,Third Party Advisory
https://onethird.net/en/p1340.html Vendor Advisory
https://jvn.jp/en/vu/JVNVU99467898/index.html Patch,Third Party Advisory
https://onethird.net/en/p1340.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON