4.1
CVE-2020-29135
- EPSS 0.57%
- Veröffentlicht 27.11.2020 02:15:10
- Zuletzt bearbeitet 21.11.2024 05:23:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LogincPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.57% | 0.428 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.1 | 2.3 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-838 Inappropriate Encoding for Output Context
The product uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component.
https://docs.cpanel.net/changelogs/90-change-log/
https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/