exploitDog

CVE-2020-13404

Опубликовано: 05 авг. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection.

Ссылки

https://github.com/quadra-informatique/Atos-Magento/releases
Release Notes
Third Party Advisory
https://sysdream.com/news/lab/
Third Party Advisory
https://sysdream.com/news/lab/2020-06-09-cve-2020-13404-remote-system-command-injection-in-atos-magento-module/
Exploit
Third Party Advisory
https://github.com/quadra-informatique/Atos-Magento/releases
Release Notes
Third Party Advisory
https://sysdream.com/news/lab/
Third Party Advisory
https://sysdream.com/news/lab/2020-06-09-cve-2020-13404-remote-system-command-injection-in-atos-magento-module/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:quadra-informatique:atos\/sips:*:*:*:*:*:magento:*:*

Версия от 3.0.0 (включая) до 3.0.5 (включая)

EPSS

Процентиль: 82%

0.017

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-42qr-q7pq-93c7

github

больше 3 лет назад

The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection.

EPSS

Процентиль: 82%

0.017

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78