CVE-2020-36973
Unknown Unknown - Not Provided
Remote Code Execution in PDW File Browser via Webshell Upload

Publication date: 2026-01-28

Last updated on: 2026-01-28

Assigner: VulnCheck

Description
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path traversal techniques.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-28
Last Modified
2026-01-28
Generated
2026-06-16
AI Q&A
2026-01-29
EPSS Evaluated
2026-06-15
NVD
CVE-2020-36973
EUVD
EUVD-2020-30880
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pdw_file_browser pdw_file_browser 1.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in PDW File Browser 1.3 allows authenticated users to upload files that contain webshell code disguised as .txt files. They can then rename these files to .php and move them to arbitrary locations on the web server using double-encoded path traversal techniques, enabling remote code execution.

Impact Analysis

An attacker exploiting this vulnerability can execute arbitrary code on the web server, potentially gaining control over the server or accessing sensitive data. This can lead to unauthorized actions, data breaches, or disruption of services.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-36973. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart