PT-2021-11095 · Quadbase · Quadbase Espressreports Es

Published: 2021-03-15 · Updated: 2022-07-12 · CVE-2020-24985

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Quadbase EspressReports ES version 7 Update 9
Description: An issue allows an authenticated user to navigate to the MenuPage section of the application and change the frmsrc parameter value. This enables the retrieval and execution of external files or payloads.
Recommendations: For Quadbase EspressReports ES version 7 Update 9, consider restricting access to the MenuPage section to prevent unauthorized changes to the frmsrc parameter. As a temporary workaround, avoid using the frmsrc parameter in the affected application until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
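
One way to check web-server access logs for the behaviour described above, as an added example that is not part of the original advisory or of Quadbase's code: it flags MenuPage requests whose frmsrc value points outside the application. The log format, the /app/MenuPage path, the users and the hosts are constructed assumptions, and the check only sees frmsrc when it travels in the query string.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines; path, users and hosts are placeholders.
SAMPLE_LOG = """\
10.0.0.5 - alice [15/Mar/2021:10:00:01 +0000] "GET /app/MenuPage?frmsrc=reports/list.jsp HTTP/1.1" 200 512
10.0.0.9 - bob [15/Mar/2021:10:02:17 +0000] "GET /app/MenuPage?frmsrc=https%3A%2F%2Fexternal.example%2Fpage.html HTTP/1.1" 200 2048
10.0.0.9 - bob [15/Mar/2021:10:03:40 +0000] "GET /app/MenuPage?frmsrc=//external.example/x HTTP/1.1" 200 100
10.0.0.7 - carol [15/Mar/2021:10:05:00 +0000] "GET /app/Other?frmsrc=http://external.example/ HTTP/1.1" 200 10
"""

# Captures: client address, authenticated user, request target.
REQUEST_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')


def is_external(value):
    """True when a frmsrc value names a scheme or a network-path ("//host") reference."""
    # Undo a possible second layer of percent-encoding and normalise backslashes.
    v = unquote(value).strip().replace("\\", "/")
    return v.startswith("//") or bool(urlsplit(v).scheme)


def flag_frmsrc(log_text):
    """Return (client, user, frmsrc) for MenuPage requests with an external frmsrc."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, user, target = m.groups()
        url = urlsplit(target)
        if "menupage" not in url.path.lower():
            continue  # only the MenuPage section is in scope
        for value in parse_qs(url.query).get("frmsrc", []):
            if is_external(value):
                hits.append((client, user, value))
    return hits


if __name__ == "__main__":
    for hit in flag_frmsrc(SAMPLE_LOG):
        print("external frmsrc:", hit)
```
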

Related Identifiers

CVE-2020-24985

Affected Products

Quadbase Espressreports Es