CVE-2020-19907

HIGH

8.8

CVSS Severity Score

EPSS Score0.0000%

EPSS Percentile19.68th

PublishedJul 12, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service.

Affected Platforms (CPE)

📦

Mitre

Caldera

<= 2.3.1

References & Advisories

🔗 https://cwe.mitre.org/data/definitions/78.html

🔗 https://github.com/mitre/caldera/issues/462

🔗 https://cwe.mitre.org/data/definitions/78.html

🔗 https://github.com/mitre/caldera/issues/462

Related Vulnerabilities

CVE-2000-037410.0

The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from an...

CVE-2001-018110.0

Format string vulnerability in the error logging code of DHCP server and client in Caldera Linux allows remote attackers to execut...

CVE-2000-037010.0

The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for ...

CVE-2014-293510.0

costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell met...