Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.twcert.org.tw/tw/cp-132-3845-be6bf-1.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2020-08-25T07:35:18.103626Z
Updated: 2024-09-16T22:40:27.094Z
Reserved: 2020-08-07T00:00:00
Link: CVE-2020-17384
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-08-25T08:15:10.407
Modified: 2020-08-27T20:12:48.950
Link: CVE-2020-17384
Redhat
No data.