CVE-2020-25490

Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sqreen:php_microagent:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:18

Type Values Removed Values Added
References () https://blog.sqreen.com/vulnerability-disclosure-finding-a-vulnerability-in-sqreens-php-agent-and-how-we-fixed-it/ - Exploit, Vendor Advisory () https://blog.sqreen.com/vulnerability-disclosure-finding-a-vulnerability-in-sqreens-php-agent-and-how-we-fixed-it/ - Exploit, Vendor Advisory

Information

Published : 2020-09-17 17:15

Updated : 2024-11-21 05:18


NVD link : CVE-2020-25490

Mitre link : CVE-2020-25490

CVE.ORG link : CVE-2020-25490


JSON object : View

Products Affected

sqreen

  • php_microagent
CWE
CWE-347

Improper Verification of Cryptographic Signature