QwikSec

Security Database

CVE

CWE

Training

CVE-2020-29552

Published: Dec 23, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in URVE Build 24.03.2020. By using the _internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://urve.co.uk/system-rezerwacji-sal

x_refsource_MISC

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-040.txt

x_refsource_MISC

20201225 SYSS-2020-040 Urve - Missing Authentication for Critical Function (CWE-306)

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/160722/URVE-Software-Build-24.03.2020-Authentication-Bypass-Remote-Code-Execution.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.