Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Nette framework PHP code injection via callback - Vulnerability Database

Nette framework PHP code injection via callback

Description

Packages nette/application versions prior to 2.2.10, 2.3.14, 2.4.16, 3.0.6 and nette/nette versions prior to 2.0.19 and 2.1.13 are vulnerable to an PHP code injection attack by passing specially formed parameters to URL that may possibly leading to remote code execution (RCE).

Remediation

Upgrade to the latest version of nette/application and/or nette/nette.

References

Potential Remote Code Execution vulnerability

Related Vulnerabilities

Check for apache versions up to 1.3.25, 2.0.38 High
Common tags: Code Execution
Drupal Core 7.x Remote Code Execution (7.0 - 7.58) High
Common tags: Code Execution
Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.7) High
Common tags: Code Execution
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.4.8) High
Common tags: Code Execution
Drupal Core 8.6.x Remote Code Execution (8.6.0 - 8.6.9) High
Common tags: Code Execution

Severity

High

Classification

CVE-2020-15227
CWE-94
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution