PT-2020-14935 · Cellopoint · Cellopoint Cellos
Cyku Hong · Published 2020-08-25 · Updated 2025-05-08 · CVE-2020-17384
CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cellopoint Cellos version 4.1.10 Build 20190922
Description
The issue arises from improper validation of URL input. An attacker can exploit this by injecting and remotely executing arbitrary commands to manipulate the system, provided they have access to the system administrator's cookie.
Recommendations
For Cellopoint Cellos version 4.1.10 Build 20190922, consider restricting access to the system administrator's cookie and validating all URL inputs to prevent arbitrary command execution until a patch is available. As a temporary workaround, limit the privileges of the system administrator's account to minimize potential damage from exploitation.
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Cellopoint Cellos