CVE-2020-37080 | THREATINT

Description

webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to specify and delete files on the server through an unauthenticated file deletion mechanism.

PUBLISHED Reserved 2026-02-01 | Published 2026-02-03 | Updated 2026-02-04 | Assigner VulnCheck

HIGH: 7.2CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

External Control of File Name or Path

Product status

2.0.p8

affected

Credits

Besim ALTINOK finder

References

www.exploit-db.com/exploits/48430 (ExploitDB-48430) exploit

sourceforge.net/projects/webtareas/ (webTareas Project Homepage) product

www.vulncheck.com/...ies/webtareas-p-arbitrary-file-deletion (VulnCheck Advisory: webTareas 2.0.p8 - Arbitrary File Deletion) third-party-advisory

cve.org (CVE-2020-37080)

nvd.nist.gov (CVE-2020-37080)

Download JSON