← Back to CVEs
CVE-2020-11084
MEDIUM6.4
Description
In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data (files) from the PC.
CVE Details
CVSS v3.1 Score6.4
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published7/14/2020
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
ipear_project:ipear
Weaknesses (CWE)
CWE-78CWE-77
References
https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj(security-advisories@github.com)
https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.