CVE-2020-35734 - OpenCVE

Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Batflat	Batflat

Configuration 1 [-]

cpe:2.3:a:batflat:batflat:1.3.6:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html
https://batflat.org/en/changelog
https://github.com/sruupl/batflat/issues/98
https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-15T20:49:31

Updated: 2024-08-04T17:09:15.152Z

Reserved: 2020-12-27T00:00:00

Link: CVE-2020-35734

Vulnrichment

Updated: 2024-08-04T17:09:15.152Z

NVD

Status : Modified

Published: 2021-02-15T21:15:13.263

Modified: 2024-08-04T17:16:04.767

Link: CVE-2020-35734

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-18T15:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://batflat.org/en/changelog"}, {"tags": ["x_refsource_MISC"], "url": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sruupl/batflat/issues/98"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html"}], "tags": ["unsupported-when-assigned"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-35734", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** UNSUPPORTED WHEN ASSIGNED ** Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://batflat.org/en/changelog", "refsource": "MISC", "url": "https://batflat.org/en/changelog"}, {"name": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/", "refsource": "MISC", "url": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/"}, {"name": "https://github.com/sruupl/batflat/issues/98", "refsource": "MISC", "url": "https://github.com/sruupl/batflat/issues/98"}, {"name": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html"}]}}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T20:15:58.124755Z", "id": "CVE-2020-35734", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T20:16:06.832Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:09:15.152Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://batflat.org/en/changelog"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sruupl/batflat/issues/98"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35734", "datePublished": "2021-02-15T20:49:31", "dateReserved": "2020-12-27T00:00:00", "dateUpdated": "2024-08-04T17:09:15.152Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://batflat.org/en/changelog", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/sruupl/batflat/issues/98", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:09:15.152Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-35734", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-26T20:15:58.124755Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T20:16:03.550Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://batflat.org/en/changelog", "tags": ["x_refsource_MISC"]}, {"url": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/sruupl/batflat/issues/98", "tags": ["x_refsource_MISC"]}, {"url": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2021-02-18T15:06:08"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://batflat.org/en/changelog", "name": "https://batflat.org/en/changelog", "refsource": "MISC"}, {"url": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/", "name": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/", "refsource": "MISC"}, {"url": "https://github.com/sruupl/batflat/issues/98", "name": "https://github.com/sruupl/batflat/issues/98", "refsource": "MISC"}, {"url": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html", "name": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "** UNSUPPORTED WHEN ASSIGNED ** Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-35734", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org"}}}}, "cveMetadata": {"cveId": "CVE-2020-35734", "state": "PUBLISHED", "dateUpdated": "2024-08-04T17:09:15.152Z", "dateReserved": "2020-12-27T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2021-02-15T20:49:31", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:batflat:batflat:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "CCD502D1-2B27-4BC5-9DF2-C71F42212D85", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer"}, {"lang": "es", "value": "** NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** Sruu.pl en Batflat versi\u00f3n 1.3.6, permite a un usuario autenticado realizar una inyecci\u00f3n de c\u00f3digo (y en consecuencia una ejecuci\u00f3n de c\u00f3digo remota) por medio de los campos de entrada de la pesta\u00f1a Users. Para aprovechar esto, uno debe iniciar sesi\u00f3n en el panel de administraci\u00f3n y editar los datos de un usuario arbitrario (nombre de usuario, nombre mostrado, etc.). NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor"}], "id": "CVE-2020-35734", "lastModified": "2024-08-04T17:16:04.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-15T21:15:13.263", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://batflat.org/en/changelog"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/sruupl/batflat/issues/98"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}