PT-2020-14348 · Atlassian · Stash

Published 2020-06-26 · Updated 2020-12-28 · CVE-2020-15311

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

Stash version 1.0.3

Description

The issue allows SQL Injection via the downloadmp3.php API endpoint, specifically through the download parameter.

Recommendations

For Stash version 1.0.3, consider restricting access to the downloadmp3.php endpoint until a patch is available. As a temporary workaround, avoid using the download parameter in the affected endpoint to minimize the risk of exploitation.

Related Identifiers

CVE-2020-15311

Affected Products

Stash