PT-2021-11409 · Unknown · Maxum Rumpus
Published: 2021-03-08 · Updated: 2021-07-21
CVE-2020-27575
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Maxum Rumpus versions 8.2.13 through 8.2.14
Description:
The issue affects the web administration functionality. A parameter in the edit users form is insufficiently validated, which makes it vulnerable to command injection through that form.
Recommendations:
For versions 8.2.13 and 8.2.14, consider restricting access to the edit users form until a fix is available, and ensure proper validation of user input to prevent command injection.
Exploit
Fix
OS Command Injection
Affected Products
Maxum Rumpus