cvelist | Mitre | CVELIST:CVE-2020-35734
History: Feb 15, 2021 - 8:49 p.m.

CVE-2020-35734

2021-02-15 20:49:31
mitre
www.cve.org
sruu.pl
batflat 1.3.6
authenticated user
code injection
users tab
remote code execution
administration panel
arbitrary user's data
vulnerability
no longer supported
maintainer

EPSS

0.109

Percentile

95.1%

Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must log in to the administration panel and edit an arbitrary user’s data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.