|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-01-21 | |
| Rule Name: | PHP-Fusion Downloads.php Command Injection Vulnerability (CVE-2020-24949) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A command injection vulnerability has been reported in PHP-Fusion. The vulnerability is due to insufficient validation of HTTP request parameters in downloads.php. A remote unauthenticated attacker could exploit this vulnerability by sending an crafted HTTP request to the vulnerable server. Successful exploitation of this vulnerability could allow the attacker to execute command in the security context of the running server. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://github.com/php-fusion/PHP-Fusion/issues/2312 https://github.com/php-fusion/PHP-Fusion/issues/2312 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://github.com/php-fusion/PHP-Fusion/issues/2312 |