CVE-2020-15477

Published: Jul 23, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter incomingString before passing it to the child_process.exec function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/raspberrytorte/tortoise/tree/master/nodejs

x_refsource_MISC

https://gist.github.com/PreethamBomma/e7b6d220790f95555dc2c5ac1d7d2f85

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-15477

Description

Affected Products

References