CVE-2020-19527: OS Command Injection
First published: Thu Dec 10 2020(Updated: )
iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| idreamsoft iCMS | =7.0.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-19527?
CVE-2020-19527 is a vulnerability in iCMS 7.0.14 which allows attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php.
Which software versions are affected by CVE-2020-19527?
iCMS 7.0.14 is affected by CVE-2020-19527.
How severe is CVE-2020-19527?
CVE-2020-19527 has a severity rating of 9.8 (critical).
How can I fix CVE-2020-19527?
To fix CVE-2020-19527, update iCMS to a version that is not affected by this vulnerability. Refer to the vendor's website for the latest patches and updates.
Is there any additional information about CVE-2020-19527?
Yes, you can find additional information about CVE-2020-19527 in the GitHub issue #66.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/idreamsoft
- canonical/idreamsoft icms
- version/idreamsoft icms/7.0.14