CVE-2016-20023: Path Traversal
Published Dec 5, 2025
In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided.
Affected Software
2 affected components
CKSource Ckfinder < 2.5.0.1
CKSource Ckfinder Asp.net < 2.5.0.1
Event History
Dec 5, 2025
CVE Published (via MITRE, 12:00 AM)
Data Sourced (via MITRE, 12:00 AM): Description, Severity, Weakness
Data Sourced (via NVD, 06:16 AM): Description, Severity, Weakness, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2016-20023?
CVE-2016-20023 is considered a high-severity vulnerability because it gives authenticated users an unauthorized file download capability.
2. How do I fix CVE-2016-20023?
To fix CVE-2016-20023, upgrade CKFinder to version 2.5.0.1 or later.
3. What type of vulnerability is CVE-2016-20023?
CVE-2016-20023 is a file disclosure vulnerability in CKSource CKFinder.
4. Who is affected by CVE-2016-20023?
Users of CKSource CKFinder versions prior to 2.5.0.1 for ASP.NET are affected by CVE-2016-20023.
5. Can CVE-2016-20023 be exploited remotely?
Yes, CVE-2016-20023 can be exploited remotely if an attacker has knowledge of the file path.