2 matches found
CVE-2020-15929
Affected software: Ortus TestBox 2.4.0–4.1.0. Vulnerability: unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow writing an arbitrary CFM file within the application context, enabling Remote Code Execution. Root cause: unvalidated/unsafeguarded input in the HTMLRunne...
CVE-2020-15928
In Ortus TestBox versions 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm enable directory traversal, per CVE-2020-15928. Public exploit references exist (e.g., Exploit DB). The root cause is the lack of validation on user-supplied query parameters in that path,...