From cheats to exploits: Webrat spreading via GitHub

In early 2025, security researchers uncovered a new malware family named Webrat. Initially, the Trojan targeted regular users by disguising itself as cheats for popular games like Rust, Counter-Strike, and Roblox, or as cracked software. In September, the attackers decided to widen their net:...

CVE-2020-36825

UNSUPPORTED WHEN ASSIGNED DISPUTED A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function downloadfile of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be...

CVE-2020-36825

UNSUPPORTED WHEN ASSIGNED DISPUTED A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function downloadfile of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be...

CVE-2020-36825

A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function downloadfile of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be initiated remotely. The patch is...

CVE-2020-36825 cyberaz0r WebRAT api.php download_file unrestricted upload

UNSUPPORTED WHEN ASSIGNED DISPUTED A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function downloadfile of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be...

CVE-2020-36825

The CVE-2020-36825 entry refers to cyberaz0r WebRAT (up to 20191222) with a flaw in Server/api.php called download_file. Manipulating the argument name (name) allows unrestricted upload, and the issue can be triggered remotely over the network. A patch is identified (0c394a795b9c10c07085361e6fcea...

CVE-2020-36825 cyberaz0r WebRAT api.php download_file unrestricted upload

UNSUPPORTED WHEN ASSIGNED DISPUTED A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function downloadfile of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be...

PT-2024-10836 · Unknown · Cyberaz0R Webrat

Name of the Vulnerable Software and Affected Versions: cyberaz0r WebRAT up to 20191222 Description: A critical issue affects the function download file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be initiated remotely. The real...

WebRAT 代码问题漏洞

WebRAT is a simple remote web management tool. A code issue vulnerability exists in cyberaz0r WebRAT, which stems from a security issue in the downloadfile function in Server/api.php, which causes unrestricted uploads via the parameter name...