PT-2021-11271 · Ppgo Jobs · Ppgo Jobs

Pd1R

Published

2021-09-08

Updated

2022-05-03

CVE-2020-26772

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: PPGo Jobs version 2.8.0

Description: The issue allows remote attackers to execute arbitrary code via the AjaxRun() function. This enables attackers to inject commands, potentially leading to unauthorized access or control.

Recommendations: For PPGo Jobs version 2.8.0, consider disabling the AjaxRun() function as a temporary workaround until a patch is available. Restrict access to this function to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-26772

Affected Products

Ppgo Jobs

PT-2021-11271 · Ppgo Jobs · Ppgo Jobs

CVE-2020-26772

Weakness Enumeration

Related Identifiers

Affected Products

References · 5