PT-2020-16644 · Php · Phpredisadmin

Published

2020-10-16

Updated

2020-10-26

CVE-2020-27163

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions phpRedisAdmin versions prior to 1.13.2

Description The issue allows for XSS via the username parameter in the "login.php" endpoint. This affects a significant number of devices, but the exact count is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For versions prior to 1.13.2, update to version 1.13.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the login.php endpoint or avoiding the use of the username parameter until the issue is resolved.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-27163

Affected Products

Phpredisadmin

PT-2020-16644 · Php · Phpredisadmin

CVE-2020-27163

Weakness Enumeration

Related Identifiers

Affected Products

References · 4