CVE-2020-35729
Severity: CRITICAL (CVSS 9.8)
WAF coverage: High
Published: 2020-12-27
CWE-78
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| klogserver | klog_server | 2.4.1 |
References
- packetstormsecurity.com (Exploit, Third Party Advisory, VDB Entry)
- github.com (Exploit, Third Party Advisory)