CVE-2020-11490

Sažetak

Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality, cert_state, cert_country, or cert_email parameter.

Reference

http://code610.blogspot.com/2020/03/pentesting-zen-load-balancer-quick.html
https://github.com/c610/tmp/blob/master/zenload4patreons.zip

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

06-04-2020 - 14:11

Objavljeno

02-04-2020 - 14:15