CVE-2020-5256

Remote Code Execution Through Image Uploads in BookStack

Description

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability.

References

Link	Tags
https://github.com/BookStackApp/BookStack/security/advisories/GHSA-g9rq-x4fj-f5hx	third party advisory
https://github.com/BookStackApp/BookStack/releases/tag/v0.25.3	release notes
https://github.com/BookStackApp/BookStack/releases/tag/v0.25.4	release notes
https://github.com/BookStackApp/BookStack/releases/tag/v0.25.5	release notes

Frequently Asked Questions

What is the severity of CVE-2020-5256?: CVE-2020-5256 has been scored as a high severity vulnerability.
How to fix CVE-2020-5256?: To fix CVE-2020-5256, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-5256 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2020-5256 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-5256?: CVE-2020-5256 affects BookStackApp BookStack.

Description

Categories

CWE-95 – Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CWE-434 – Unrestricted Upload of File with Dangerous Type

References

Frequently Asked Questions