CyberSec.Space Logo
Back to CVE Browser

CVE-2020-17363

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.1030%
EPSS Percentile21.10th
PublishedDec 31, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.

Affected Platforms (CPE)

📦
Usvn

Usvn

< 1.0.9

References & Advisories

🔗 https://sysdream.com/news/lab/2020-08-12-cve-2020-17363-usvn-remote-code-execution/
🔗 https://sysdream.com/news/lab/2020-08-12-cve-2020-17363-usvn-remote-code-execution/

Related Vulnerabilities

CVE-2020-250699.8

USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view.

CVE-2020-250708.8

USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature.

CVE-2018-06956.1

Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitra...

CVE-2020-173646.1

USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs.