Vulnerability in N/a
CVE-2020-7799
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating sys…
EPSS: 0.745 (98.9th percentile)
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
- ianxtianxt/CVE-2020-7799
- Pikaqi/cve-2020-7799
- ARPSyndicate/cvemon
- Coldplay1517/Middleware-Vulnerability-detection-master
- SexyBeast233/SecBooks
- TrojanAZhen/Self_
- apachecn-archive/Middleware-Vulnerability-detection
- hectorgie/PoC-in-GitHub
- huimzjty/vulwiki
- lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection
References
- fusionauth.io/docs/v1/tech/release-notes (x_refsource_MISC)
- 20200127 CVE - CVE-2020-7799 - FusionAuth command execution via Apache Freemarker Template (mailing-list, x_refsource_BUGTRAQ)
- packetstormsecurity.com/files/156102/FusionAuth-1.10-Remote-Command-Execution.h… (x_refsource_MISC)
- lab.mediaservice.net/advisory/2020-03-fusionauth.txt (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-7799?
- CVE-2020-7799 is a vulnerability in N/a. Published 2020-01-28.
- Is CVE-2020-7799 known to be exploited?
- 15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.