CVE-2020-17363

moderate-risk
Published 2020-12-31

USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.

Do I need to act?

~
5.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 08401edbd528c8e3b07bca9a4b320ca1c9d91424
9
CVSS 9.9/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Usvn

Affected Vendors

Usvn

References (2)

Exploit https://sysdream.com/news/lab/2020-08-12-cve-2020-17363-usvn-remote-code-executi...
Exploit https://sysdream.com/news/lab/2020-08-12-cve-2020-17363-usvn-remote-code-executi...
47
/ 100
moderate-risk
Severity 33/34 · Critical
Exploitability 9/34 · Low
Exposure 5/34 · Minimal