CVEs-PoC/2020/CVE-2020-5237.md

### [CVE-2020-5237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5237)
![](https://img.shields.io/static/v1?label=Product&message=oneup%2Fuploader-bundle&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-23%3A%20Relative%20Path%20Traversal&color=brighgreen)

### Description

Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename parameter to BlueimpController.php; the (2) dzchunkindex, (3) dzuuid, or (4) filename parameter to DropzoneController.php; the (5) qqpartindex, (6) qqfilename, or (7) qquuid parameter to FineUploaderController.php; the (8) x-file-id or (9) x-file-name parameter to MooUploadController.php; or the (10) name or (11) chunk parameter to PluploadController.php. This is fixed in versions 1.9.3 and 2.1.5.

### POC

#### Reference
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-003.txt

#### Github
No PoCs found on GitHub currently.