CVE-2020-17363
CRITICAL WAF: High
CVSS 9.9
Published: 2020-12-31
CWE-78
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| usvn | usvn | up to 1.0.9 |
References
- sysdream.com (Exploit, Third Party Advisory)