PT-2020-17140 · Billing · Billing

Askar

Published

2020-12-10

Updated

2021-07-21

CVE-2020-29311

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Ubilling version 1.0.9

Description The issue allows Remote Command Execution as a Root user. This is achieved by injecting a malicious command inside the config file, which is then triggered by another part of the software.

Recommendations For Ubilling version 1.0.9, consider restricting access to the config file to prevent malicious command injection until a patch is available. As a temporary workaround, monitor the system for any suspicious activity that may indicate exploitation of this issue.

Exploit

Fix

Missing Authentication

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-78

Related Identifiers

CVE-2020-29311

Affected Products

Billing

PT-2020-17140 · Billing · Billing

CVE-2020-29311

Weakness Enumeration

Related Identifiers

Affected Products

References · 12