NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2020-36642

Summary	A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affects the function run_in_sandbox of the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 is able to address this issue. The identifier of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability.
Publication Date	Jan. 6, 2023, 8:15 p.m.
Registration Date	Jan. 7, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 2:29 p.m.

CVSS3.1 : CRITICAL
スコア	9.8
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:jobe_project:jobe::::::::					1.7.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/trampgeek/jobe/commit/8f43daf50c943b98eaf0c542da901a4a16e85b02		Patch
2	https://github.com/trampgeek/jobe/commit/8f43daf50c943b98eaf0c542da901a4a16e85b02		Patch
3	https://github.com/trampgeek/jobe/issues/39		Issue Tracking Third Party Advisory
4	https://github.com/trampgeek/jobe/issues/39		Issue Tracking Third Party Advisory
5	https://github.com/trampgeek/jobe/releases/tag/v1.7.0		Release Notes
6	https://github.com/trampgeek/jobe/releases/tag/v1.7.0		Release Notes
7	https://vuldb.com/?ctiid.217553		Permissions Required Third Party Advisory
8	https://vuldb.com/?ctiid.217553		Permissions Required Third Party Advisory
9	https://vuldb.com/?id.217553		Permissions Required Third Party Advisory
10	https://vuldb.com/?id.217553		Permissions Required Third Party Advisory

Common Vulnerabilities List