CVE-2020-35729

Critical

KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.

mitre·CWE-78·Published 2020-12-27

CVSS

9.8

EPSS

0.88

KEV

Exploits

cve.orgen

118 chars

KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.

NVDen

118 chars

KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.

NVDes

177 chars

KLog Server versión 2.4.1, permite una inyección de comandos del sistema operativo por medio de metacaracteres de shell en el parámetro user del archivo actions/authenticate.php

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	10.0	10.0	10.0	AV:N/AC:L/Au:N/C:C/I:C/A:C
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H