CVE-2020-15227

critical

Description

Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.

References

Advisories
Exploits

https://packagist.org/packages/nette/nette

https://packagist.org/packages/nette/application

https://lists.debian.org/debian-lts-announce/2021/04/msg00003.html

https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94

https://isc.sans.edu/diary/rss/31076

Details

Source: Mitre, NVD

Published: 2020-10-01

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.93716

Detections

Analytics