exploitDog

CVE-2020-25490

Опубликовано: 17 сент. 2020

Источник: nvd

CVSS3: 7.3

CVSS2: 7.5

EPSS Низкий

Описание

Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine.

Ссылки

https://blog.sqreen.com/vulnerability-disclosure-finding-a-vulnerability-in-sqreens-php-agent-and-how-we-fixed-it/
Exploit
Vendor Advisory
https://blog.sqreen.com/vulnerability-disclosure-finding-a-vulnerability-in-sqreens-php-agent-and-how-we-fixed-it/
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sqreen:php_microagent:*:*:*:*:*:*:*:*

Версия до 1.16.0 (исключая)

EPSS

Процентиль: 73%

0.00775

Низкий

7.3 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-347

Связанные уязвимости

GHSA-4239-cmjf-x875

github

больше 3 лет назад

Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine.

EPSS

Процентиль: 73%

0.00775

Низкий

7.3 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-347