CyberSec.Space Logo
Back to CVE Browser

CVE-2020-22120

HIGH
8.8
CVSS Severity Score
EPSS Score0.0170%
EPSS Percentile1.05th
PublishedAug 18, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.

Affected Platforms (CPE)

πŸ“¦
Txjia

Imcat

= 5.1

References & Advisories

πŸ”— https://cwe.mitre.org/data/definitions/96.html
πŸ”— https://github.com/peacexie/imcat/issues/3
πŸ”— https://cwe.mitre.org/data/definitions/96.html
πŸ”— https://github.com/peacexie/imcat/issues/3

Related Vulnerabilities

CVE-2019-149689.8

An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.

CVE-2020-203929.8

SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.

CVE-2018-206059.8

imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.

CVE-2021-353709.8

An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.