PT-2020-12824 · Hylafax+1 · Hylafax Enterprise Web Interface+1

Published

2020-05-19

Updated

2021-07-21

CVE-2020-11766

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions iFAX AvantFAX versions 3.3.5 and earlier HylaFAX Enterprise Web Interface versions 0.2.4 and earlier

Description The issue allows authenticated Command Injection in the sendfax.php file.

Recommendations For iFAX AvantFAX versions 3.3.5 and earlier, update to version 3.3.6 or later. For HylaFAX Enterprise Web Interface versions 0.2.4 and earlier, update to version 0.2.5 or later.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-11766

Affected Products

Hylafax Enterprise Web Interface

Ifax Avantfax

PT-2020-12824 · Hylafax+1 · Hylafax Enterprise Web Interface+1

CVE-2020-11766

Weakness Enumeration

Related Identifiers

Affected Products

References · 4