Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must log in to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-15T20:49:31

Updated: 2024-08-04T17:09:15.152Z

Reserved: 2020-12-27T00:00:00

Link: CVE-2020-35734

Vulnrichment

Updated: 2024-08-04T17:09:15.152Z

NVD

Status: Modified

Published: 2021-02-15T21:15:13.263

Modified: 2024-08-04T17:16:04.767

Link: CVE-2020-35734

Redhat

No data.