Back to search
CVE-2020-15227
Published: Oct 1, 2020
Modified: Aug 4, 2024
PUBLISHED
CVSS v3.1
8.7
HIGH
Description
Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.
| Vendor | Product | Versions |
|---|---|---|
nette | application | affected >= 2.0.0, < 2.0.19affected >= 2.1.0, < 2.1.13affected >= 2.2.0, < 2.2.10affected >= 2.3.0, < 2.3.14affected >= 2.4.0, < 2.4.16+1 more versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None
References
https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
x_refsource_CONFIRM
https://packagist.org/packages/nette/application
x_refsource_MISC
https://packagist.org/packages/nette/nette
x_refsource_MISC
[debian-lts-announce] 20210404 [SECURITY] [DLA 2617-1] php-nette security update
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now