vulnrichment | Mitre | VULNRICHMENT:CVE-2020-35734
History: Feb 15, 2021 - 8:49 p.m.

CVE-2020-35734

2021-02-15 20:49:31
mitre
github.com
3
sruu.pl
code injection
remote code execution
authenticated user
users tab
administration panel
arbitrary user's data
products no longer supported
maintainer

AI Score: 7.5 (Confidence: Low)

SSVC: Exploitation: none; Automatable: no; Technical Impact: total

Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must log in to the administration panel and edit an arbitrary user’s data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
