CVE-2020-23037

Published: Oct 22, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

Affected (2)

Products: Portable: Playable

Portable

1 product

Playable

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Portable Playable	Version 9.18
Portable Playable	Version 9.18

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

https://www.vulnerability-lab.com/get_content.php?id=2198

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.vulnerability-lab.com/get_content.php?id=2198

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.