Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-3845-be6bf-1.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2020-08-25T00:00:00
Updated: 2020-08-25T07:35:18
Reserved: 2020-08-07T00:00:00
Link: CVE-2020-17384
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-08-25T08:15:10.407
Modified: 2020-08-27T20:12:48.950
Link: CVE-2020-17384
JSON object: View
Redhat Information
No data.
CWE