Ctrl + K
/ news / CVE
CVEPublished 2019-02-051 article on news7 live referencesNVD data

CVE-2018-20250

Vulnerability data via CVEDB (Shodan)

CISA KEVKnown exploited in the wild.Used in ransomware
CISA action: WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution
CVSS v3.1
7.8
HIGH
EPSS percentile
100
Exploit Prediction Scoring System · top 0% of all CVEs
Description

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

Timeline
Published 2019-02-05

External references

NVDMITREExploit-DBGitHub PoCSploitustrickest/cveVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2018-20250
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Rarlab Winrar"
All exposed Rarlab Winrar instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Winrar"
HTTP body or banner mentions "Winrar" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2018-20250
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2018-20250
Censys host search filtered to this CVE id.
grep.app
CVE-2018-20250
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2018-20250
GitHub code search for direct mentions.
Google dork
"CVE-2018-20250" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (5)

CVE-2018-202505 repos
Mr-xn/Penetration_Testing_POCHTML
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypas…
★ 7,397·updated 3d ago
googleprojectzero/winaflC
A fork of AFL for fuzzing Windows binaries
★ 2,570·updated 3mo ago
xiaoZ-hc/redtoolShell
日常积累的一些红队工具及自己写的脚本,更偏向于一些diy的好用的工具,并不是一些比较常用的msf/awvs/xray这种
★ 1,419·updated 1y ago
GhostTroops/TOPShell
TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things
★ 731·updated today
Ostorlab/KEVunknown
Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
★ 612·updated 3mo ago
Articles on news mentioning CVE-2018-20250