CVE-2020-37023

Koken CMS 0.22.24 - Arbitrary File Upload

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy and changing the file extension.


We have discovered 1,621 live websites that are affected by CVE-2020-37023.

Affected Software

Product                    Koken
Category                   Content Management System
Vulnerable Domains         1,621 live websites (78% of Koken install base)
Vulnerable Versions
  • from 0.22.24 through 0.22.24
Vulnerable Versions Count  1 version (1.79% of all versions)



Details

  • Published - Jan 30, 2026
  • Updated - Feb 3, 2026

Credits

  • v1n1v131r4 (finder)

Website Distribution by Country

Number of websites affected by CVE-2020-37023

United States   235 websites
Germany         633 websites
France          236 websites
Switzerland     69 websites
Russia          55 websites
Austria         49 websites
Netherlands     45 websites
GB              43 websites
Italy           29 websites
Poland          28 websites

Website Distribution by TLD

Number of websites affected by CVE-2020-37023

.com   618 websites
.de    391 websites
.fr    86 websites
.net   72 websites
.ch    58 websites
.at    38 websites
.nl    35 websites
.ru    31 websites
.org   30 websites
.eu    27 websites



FAQ

A total of 1,621 websites have been identified as vulnerable to CVE-2020-37023, based on global website indexing conducted by WebTechSurvey.
Koken is affected by the CVE-2020-37023 vulnerability.
Koken versions up to and including 0.22.24 are vulnerable to CVE-2020-37023.