CVE-2020-37023

HIGH WAF: Medium

CVSS 8.8 Published: 2026-01-30

CWE-434

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy and changing the file extension.

WAF Coverage Analysis

Unrestricted File Upload Medium WAF Coverage

OWASP: A04:2021 Insecure Design

930xxx - Local File Inclusion

References

koken.me
github.com
www.exploit-db.com
www.softaculous.com
www.vulncheck.com

Back to CVE Database