CVE-2020-11084

Name of the Vulnerable Software and Affected Versions iPear (affected versions not specified)

Description The manual execution of the eval() function in iPear can lead to command injection, allowing the execution of any PHP code within iPear. This may result in data change, damage, or theft from the PC. Only PCs where commands are manually executed via "For Developers" are affected.

Recommendations For iPear, consider disabling the manual execution of the eval() function via "For Developers" to minimize the risk of command injection until a patch is available. Restrict access to the "For Developers" feature to prevent unauthorized execution of PHP code. Avoid using the eval() function in iPear until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.