CVE-2020-29552

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
23/12/2020
Last modified:
02/09/2022

Description

An issue was discovered in URVE Build 24.03.2020. By using the _internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:urve:urve:24.03.2020:*:*:*:*:*:*:*