exploitDog

CVE-2019-25022

Опубликовано: 27 фев. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation.

Ссылки

https://suid.ch/research/CVE-2019-25022.html
Exploit
Third Party Advisory
https://suid.ch/research/CVE-2019-25022.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:scytl:secure_vote:2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00418

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-r8r8-mhhg-vjch

github

больше 3 лет назад

An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation.

EPSS

Процентиль: 61%

0.00418

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78