CVE-2020-13887 Kordil EDMS through 2.2.60rc3 allows Remote Command Execution

1) Login to the Kordil EDMS application and go to documents and add a document, like how will u add documents to an EDMS system.

2) Then choose the document as a simple php backdoor file or any backdoor/web shell could be used.

3) upload .php web shell or backdoor

4) After uploading the document go to “/documents” folder, for eg; “”

5) Now go to to get the command response in browser.

Leave a Reply

Your email address will not be published. Required fields are marked *