CVE-2020-15227 Remote Code Execution vulnerability

🗓️ 01 Oct 2020 19:00:19Reported by GitHub_MType

Nette PHP framework code injection RCE vulnerabilit

Reporter	Title	Published	Views	Family All 28
GithubExploit	Exploit for Code Injection in Nette Application	9 Oct 202013:13	–	githubexploit
GithubExploit	Exploit for Code Injection in Nette Application	15 Nov 202015:30	–	githubexploit
GithubExploit	Exploit for Code Injection in Nette Application	10 Oct 202002:38	–	githubexploit
Circl	CVE-2020-15227	14 Oct 202019:14	–	circl
Check Point Advisories	Nette Command Injection (CVE-2020-15227)	6 Feb 202100:00	–	checkpoint_advisories
CVE	CVE-2020-15227	1 Oct 202019:00	–	cve
Debian	[SECURITY] [DLA 2617-1] php-nette security update	4 Apr 202111:33	–	debian
Debian CVE	CVE-2020-15227	1 Oct 202019:00	–	debiancve
Tenable Nessus	Debian DLA-2617-1 : php-nette security update	5 Apr 202100:00	–	nessus
Tenable Nessus	Ubuntu 16.04 ESM / 18.04 LTS : Nette vulnerability (USN-5983-1)	29 Mar 202300:00	–	nessus

[
  {
    "product": "application",
    "vendor": "nette",
    "versions": [
      {
        "status": "affected",
        "version": ">= 2.0.0, < 2.0.19"
      },
      {
        "status": "affected",
        "version": ">= 2.1.0, < 2.1.13"
      },
      {
        "status": "affected",
        "version": ">= 2.2.0, < 2.2.10"
      },
      {
        "status": "affected",
        "version": ">= 2.3.0, < 2.3.14"
      },
      {
        "status": "affected",
        "version": ">= 2.4.0, < 2.4.16"
      },
      {
        "status": "affected",
        "version": ">= 3.0.0, < 3.0.6"
      }
    ]
  }
]

Source	Link
packagist	www.packagist.org/packages/nette/nette
github	www.github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
lists	www.lists.debian.org/debian-lts-announce/2021/04/msg00003.html
packagist	www.packagist.org/packages/nette/application

04 Apr 2021 13:06Current

9.6High risk

Vulners AI Score9.6

CVSS 3.18.7

EPSS0.35228

CWE-74