Description

In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.

Remediation

References

CVE-2020-11819

Related Vulnerabilities

WordPress 2.1.1 Command Execution Backdoor Vulnerability (2.1.1)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-6297)

Next.js URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-15242)

phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-5621)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-23897)

Severity

Critical

Classification

CVE-2020-11819 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities