PT-2020-13547 · Quickbox · Quickbox Community Edition, Quickbox Pro Edition

Published: 2020-06-01 · Updated: 2021-12-13 · CVE-2020-13448

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

QuickBox Community Edition versions 2.5.5 and earlier
QuickBox Pro Edition versions 2.1.8 and earlier

Description

The issue allows an authenticated remote attacker to execute code on the server. This is achieved through command injection in the servicestart parameter.

Recommendations

For QuickBox Community Edition versions 2.5.5 and earlier, update to a version that contains a fix for this issue. For QuickBox Pro Edition versions 2.1.8 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the servicestart parameter to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2020-13448

Affected Products

Quickbox Community Edition
Quickbox Pro Edition