Vulnerability Database

322,128

Total vulnerabilities in the database

CVE-2020-37034

HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system files.

Published: Jan 30, 2026
Updated: Feb 1, 2026
CVE: CVE-2020-37034
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

No affected software listed.

https://web.archive.org/web/20190109182037/https://helloweb.co.kr/
https://www.exploit-db.com/exploits/48659
https://www.vulncheck.com/advisories/helloweb-arbitrary-file-download

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo