We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2020-36639

AlliedModders AMX Mod X Console Command adminvote.sma cmdVoteMap path traversal



Description

EN DE

A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amx_votemap leads to path traversal. The patch is identified as a5f2b5539f6d61050b68df8b22ebb343a2862681. It is recommended to apply a patch to fix this issue. VDB-217354 is the identifier assigned to this vulnerability.

In AlliedModders AMX Mod X für Windows wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es die Funktion cmdVoteMap der Datei plugins/adminvote.sma der Komponente Console Command Handler. Mittels dem Manipulieren des Arguments amx_votemap mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Patch wird als a5f2b5539f6d61050b68df8b22ebb343a2862681 bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.

Reserved 2023-01-04 | Published 2023-01-04 | Updated 2024-08-04 | Assigner VulDB


MEDIUM: 4.3CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
MEDIUM: 4.3CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
4.7AV:A/AC:L/Au:M/C:P/I:P/A:P

Problem types

CWE-22 Path Traversal

Product status

Any version
affected

Timeline

2023-01-04:Advisory disclosed
2023-01-04:CVE reserved
2023-01-04:VulDB entry created
2023-01-28:VulDB entry last update

Credits

VulDB GitHub Commit Analyzer tool

References

vuldb.com/?id.217354 vdb-entry technical-description

vuldb.com/?ctiid.217354 signature permissions-required

github.com/alliedmodders/amxmodx/pull/823 issue-tracking

github.com/...ommit/a5f2b5539f6d61050b68df8b22ebb343a2862681 patch

cve.org (CVE-2020-36639)

nvd.nist.gov (CVE-2020-36639)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2020-36639

Support options

Helpdesk Chat, Email, Knowledgebase