CVE-2020-21651

Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method.
References
Link Resource
https://cwe.mitre.org/data/definitions/96.html Technical Description
https://github.com/lolipop1234/XXD/issues/3 Exploit Third Party Advisory
https://cwe.mitre.org/data/definitions/96.html Technical Description
https://github.com/lolipop1234/XXD/issues/3 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:myucms_project:myucms:2.2:*:*:*:*:*:*:*

History

21 Nov 2024, 05:12

Type Values Removed Values Added
References () https://cwe.mitre.org/data/definitions/96.html - Technical Description () https://cwe.mitre.org/data/definitions/96.html - Technical Description
References () https://github.com/lolipop1234/XXD/issues/3 - Exploit, Third Party Advisory () https://github.com/lolipop1234/XXD/issues/3 - Exploit, Third Party Advisory

Information

Published : 2021-10-06 22:15

Updated : 2024-11-21 05:12


NVD link : CVE-2020-21651

Mitre link : CVE-2020-21651

CVE.ORG link : CVE-2020-21651


JSON object : View

Products Affected

myucms_project

  • myucms
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')