← Zuruck zu CVEs
CVE-2020-11084
MEDIUM6.4
Beschreibung
In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data (files) from the PC.
CVE Details
CVSS v3.1 Bewertung6.4
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht7/14/2020
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
ipear_project:ipear
Schwachen (CWE)
CWE-78CWE-77
Referenzen
https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj(security-advisories@github.com)
https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.