Unrated severityNVD Advisory· Published Jan 4, 2023· Updated Aug 4, 2024

AlliedModders AMX Mod X Console Command adminvote.sma cmdVoteMap path traversal

CVE-2020-36639

Description

A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amx_votemap leads to path traversal. The patch is identified as a5f2b5539f6d61050b68df8b22ebb343a2862681. It is recommended to apply a patch to fix this issue. VDB-217354 is the identifier assigned to this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

AMX Mod X for Windows vulnerable to path traversal in cmdVoteMap via amx_votemap argument, allowing execution of dangerous console commands; patched in commit a5f2b553.

Vulnerability

The function cmdVoteMap in plugins/adminvote.sma of AlliedModders AMX Mod X on Windows is vulnerable to path traversal. Manipulating the amx_votemap command argument can include .. sequences, leading to traversal. Versions prior to commit a5f2b5539f6d61050b68df8b22ebb343a2862681 are affected [1][2].

Exploitation

An attacker who can issue the amx_votemap console command (typically server admins or players with appropriate access) can supply a map name containing .. characters. The lack of validation allows traversal, potentially referencing files outside intended directories [1].

Impact

Successful exploitation allows an attacker to execute potentially dangerous console commands on Windows servers, leading to arbitrary code execution or other malicious actions. The impact is rated critical, with potential for full compromise of the server [1].

Mitigation

Apply the patch from commit a5f2b5539f6d61050b68df8b22ebb343a2862681, which adds a check for .. in the map name and continues without adding invalid maps. This fix was included in the repository as of June 3, 2020 [2]. No other workarounds are documented.

References

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

AlliedModders/AMX Mod Xllm-create
AlliedModders/AMX Mod Xv5
Range: n/a

Patches

a5f2b5539f6d

adminvote.sma exploit fix (#823)

https://github.com/alliedmodders/amxmodxJuiceMay 28, 2020via osv

commit PR #823

1 file changed · +4 −1

plugins/adminvote.sma+4 −1 modified

@@ -238,7 +238,10 @@ public cmdVoteMap(id, level, cid)
 	for (new i = 1; i < argc; ++i)
 	{
 		read_argv(i, g_optionName[g_validMaps], 31)
-		
+
+		if (contain(g_optionName[g_validMaps], "..") != -1)
+			continue
+
 		if (is_map_valid(g_optionName[g_validMaps]))
 			g_validMaps++
 	}

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/alliedmodders/amxmodx/commit/a5f2b5539f6d61050b68df8b22ebb343a2862681mitrepatch
github.com/alliedmodders/amxmodx/pull/823mitreissue-tracking
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000