CVE-2020-10374
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
30/03/2020
Last modified:
25/06/2020
Description
A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:* | 19.2.50 (including) | 20.1.56 (including) |
To consult the complete list of CPE names with products and versions, see this page