Описание
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.9 (исключая)
cpe:2.3:a:usvn:usvn:*:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.05844
Низкий
9.9 Critical
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
github
больше 3 лет назад
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.
EPSS
Процентиль: 90%
0.05844
Низкий
9.9 Critical
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78