CVE-2020-22201

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions phpCMS 2008 sp4

Description The issue allows remote malicious users to execute arbitrary php commands. This is achieved via the pagesize parameter to the "yp/product.php" endpoint.

Recommendations For phpCMS 2008 sp4, consider restricting access to the "yp/product.php" endpoint or avoid using the pagesize parameter until a fix is available.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2020-22201

Affected Products

Phpcms

CVE-2020-22201

Weakness Enumeration

Related Identifiers

Affected Products

References · 4