exploitDog

CVE-2020-20601

Опубликовано: 22 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.

Ссылки

https://blog.riskivy.com/thinkcmf-%e6%a1%86%e6%9e%b6%e4%b8%8a%e7%9a%84%e4%bb%bb%e6%84%8f%e5%86%85%e5%ae%b9%e5%8c%85%e5%90%ab%e6%bc%8f%e6%b4%9e/
Exploit
Third Party Advisory
https://blog.riskivy.com/thinkcmf-%e6%a1%86%e6%9e%b6%e4%b8%8a%e7%9a%84%e4%bb%bb%e6%84%8f%e5%86%85%e5%ae%b9%e5%8c%85%e5%90%ab%e6%bc%8f%e6%b4%9e/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:thinkcmf:thinkcmf:x1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:thinkcmf:thinkcmf:x2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:thinkcmf:thinkcmf:x2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:thinkcmf:thinkcmf:x2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:thinkcmf:thinkcmf:x2.2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.48111

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-r2mp-8crc-chh7

CVSS3: 9.8

github

около 4 лет назад

An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.

EPSS

Процентиль: 98%

0.48111

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94