Unrated severityNVD Advisory· Published May 20, 2021· Updated Aug 4, 2024
CVE-2020-35580
CVE-2020-35580
Description
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin's API key and the base64 encoded SHA1 password hashes of other SearchBlox users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- SearchBlox/SearchBloxdescription
- Range: <9.2.2
Patches
Vulnerability mechanics
References
2- developer.searchblox.com/docs/getting-started-with-searchbloxmitrex_refsource_MISC
- hateshape.github.io/general/2021/05/11/CVE-2020-35580.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.