CRITICAL🇬🇧 English

CVE-2020-15865

CVSS 9.8v3.1pub. 2020-08-18upd. 2024-11-21

A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Stimulsoft Reports

    APP
    Stimulsoft
    2013.1.1600.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2021-42777CRITICAL9.8ten sam produkt

Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execut...

CVE-2024-24398CRITICAL9.8PL ✓ten sam vendor

Path Traversal umożliwiający RCE w Stimulsoft Dashboard.JS

CVE-2023-25261CRITICAL9.8ten sam vendor

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Des...

CVE-2023-25262HIGH7.5ten sam vendor

Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF). TThe R...

CVE-2023-25260HIGH7.5ten sam vendor

Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.