CVE-2020-29311

Опубликовано: 10 дек. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software.

Ссылки

https://drive.google.com/file/d/1iLMFSbY8x1CXIf0uFntovY6yZ7N24dQA/view?usp=sharing
Exploit
Issue Tracking
Third Party Advisory
https://drive.google.com/file/d/1smOjvenPB-nE0PyIxnfujCT4KcxxkeWV/view?usp=sharing
Exploit
Third Party Advisory
https://gist.github.com/mhaskar/bfa9c2c799fca6697bcc6a213d08cb3e
Exploit
Third Party Advisory
https://drive.google.com/file/d/1iLMFSbY8x1CXIf0uFntovY6yZ7N24dQA/view?usp=sharing
Exploit
Issue Tracking
Third Party Advisory
https://drive.google.com/file/d/1smOjvenPB-nE0PyIxnfujCT4KcxxkeWV/view?usp=sharing
Exploit
Third Party Advisory
https://gist.github.com/mhaskar/bfa9c2c799fca6697bcc6a213d08cb3e
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ubilling:ubilling:1.0.9:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.0853

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-473q-vgvv-5537

github

больше 3 лет назад