CVE-2020-27575

moderate-risk
Published 2021-03-08

Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation.

Do I need to act?

~
6.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Maxum

References (4)

Product http://maxum.com
Exploit https://tvrbk.github.io/cve/2021/03/07/rumpus.html
Product http://maxum.com
Exploit https://tvrbk.github.io/cve/2021/03/07/rumpus.html
46
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 9/34 · Low
Exposure 7/34 · Low