CVEブラウザに戻る

CVE-2020-22120

HIGH

8.8

CVSS Severity Score

EPSS Score0.0170%

EPSS Percentile1.05th

Published2021年8月18日

Last Modified2024年11月21日

Vulnerability Description

A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.

Affected Platforms (CPE)

📦

Txjia

Imcat

= 5.1

References & Advisories

🔗 https://cwe.mitre.org/data/definitions/96.html

🔗 https://github.com/peacexie/imcat/issues/3

🔗 https://cwe.mitre.org/data/definitions/96.html

🔗 https://github.com/peacexie/imcat/issues/3

関連する脆弱性情報

CVE-2019-149689.8

An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.

CVE-2020-203929.8

SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.

CVE-2018-206059.8

imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.

CVE-2021-353709.8

An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.