USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.
References
Link | Resource |
---|---|
https://sysdream.com/news/lab/2020-08-12-cve-2020-17363-usvn-remote-code-execution/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-31T01:16:06
Updated: 2020-12-31T01:16:06
Reserved: 2020-08-05T00:00:00
Link: CVE-2020-17363
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-31T02:15:12.433
Modified: 2021-01-05T21:28:26.677
Link: CVE-2020-17363
JSON object: View
Redhat Information
No data.
CWE