CVE-2020-15227 HIGH

CVE-2020-15227: Remote Code Execution vulnerability

Vendor Nette
Product application
Weakness CWE-74
Published October 1, 2020
Last update August 4, 2024

CVSS base score

8.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.

Key dates

02Disclosure timeline

October 1, 2020 CVE published
August 4, 2024 Record updated