CVE-2020-36973

High CVSS: 8.7

PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path traversal techniques.

Vendor

Product

CWE

CWE-434

Yayın Tarihi

2026-01-28 18:16:48

Güncelleme

2026-01-29 16:31:00

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-434 HIGH 2026

Referanslar

https://github.com/michalc/PDW-File-Browser https://www.exploit-db.com/exploits/48987 https://www.vulncheck.com/advisories/pdw-file-browser-remote-code-execution https://www.exploit-db.com/exploits/48987