4 matches found
CVE-2020-35734
Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data username, displayed name, etc.. NOTE: This...
CVE-2020-35734
Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data username, displayed name, etc.. NOTE: This...
CVE-2020-35734
Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data username, displayed name, etc.. NOTE: This...
CVE-2020-35734
Batflat CMS 1.3.6 is vulnerable to authenticated code injection leading to Remote Code Execution via input fields on the Users tab. Exploitation requires login to the admin panel and editing another user’s data (e.g., username or display name). Affected product/version: Batflat 1.3.6; vendor note...