CVE-2020-10580

Опубликовано: 25 мар. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application.

Ссылки

https://cwe.mitre.org/data/definitions/77.html
Third Party Advisory
https://www.on-x.com/sites/default/files/security_advisory_-_multiple_vulnerabilities_-_invigo_adm.pdf
Exploit
Third Party Advisory
https://cwe.mitre.org/data/definitions/77.html
Third Party Advisory
https://www.on-x.com/sites/default/files/security_advisory_-_multiple_vulnerabilities_-_invigo_adm.pdf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:invigo:automatic_device_management:*:*:*:*:*:*:*:*

Версия до 5.0 (включая)

EPSS

Процентиль: 93%

0.11232

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-c96r-89xw-q4pv