CVE-2020-7998

Published: Jan 28, 2020Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service.

Affected (1)

Products: Super File Explorer Project: Super File Explorer

Super File Explorer Project

1 product

Super File Explorer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Super File Explorer Project Super File Explorer	Version 1.0.1

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://apps.apple.com/us/app/super-file-explorer-file-viewer-file-manager/id1101973946

Source: cve@mitre.org

ProductThird Party Advisory

https://gist.github.com/adeshkolte/9e60b2483d2f20d1951beac0fc917c6f

Source: cve@mitre.org

Third Party Advisory

https://apps.apple.com/us/app/super-file-explorer-file-viewer-file-manager/id1101973946

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

https://gist.github.com/adeshkolte/9e60b2483d2f20d1951beac0fc917c6f

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.