CVE-2020-17363

Critical CVSS 9.9

Overview

USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.

CWE: CWE-78 Published: 2020-12-31T02:15:12.433

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.9 (CRITICAL)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags