CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-9406

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0660%
EPSS Percentile27.98th
Published2020年2月26日
Last Modified2024年11月21日

Vulnerability Description

IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.

Affected Platforms (CPE)

📦
Iblsoft

Online Weather

< 4.3.5

References & Advisories

🔗 https://github.com/dawid-czarnecki/public-vulnerabilities/tree/master/Online_Weather
🔗 https://zigrin.com/advisories/online-weather-command-injection-in-querybcp-method/
🔗 https://github.com/dawid-czarnecki/public-vulnerabilities/tree/master/Online_Weather
🔗 https://zigrin.com/advisories/online-weather-command-injection-in-querybcp-method/

相关漏洞威胁

CVE-2020-94056.1

IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.

CVE-2020-94075.3

IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie...

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...

CVE-2020-696110.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...