Vulnerability in N/a
CVE-2020-12078
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (interna…
EPSS: 0.637 (98.4th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
- mhaskar/CVE-2020-12078
- 84KaliPleXon3/CVE-2020-12078
- 0xT11/CVE-POC
- ARPSyndicate/cvemon
- Coldplay1517/Middleware-Vulnerability-detection-master
- SexyBeast233/SecBooks
- apachecn-archive/Middleware-Vulnerability-detection
- developer3000S/PoC-in-GitHub
- hectorgie/PoC-in-GitHub
- lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection
References
- gist.github.com/mhaskar/dca62d0f0facc13f6364b8ed88d5a7fd (x_refsource_MISC)
- shells.systems/open-audit-v3-3-1-remote-command-execution-cve-2020-12078/ (x_refsource_MISC)
- github.com/Opmantek/open-audit/commit/6ffc7f9032c55eaa1c37cf5e070809b7211c7e9a (x_refsource_MISC)
- packetstormsecurity.com/files/157477/Open-AudIT-Professional-3.3.1-Remote-Code-… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-12078?
- CVE-2020-12078 is a vulnerability in N/a. Published 2020-04-28.
- Is CVE-2020-12078 known to be exploited?
- 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.