CVE-2020-24985

Published: Mar 15, 2021Modified: Jun 17, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads.

Affected (1)

Products: Quadbase: Espressdashboard

Quadbase

1 product

Espressdashboard

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Quadbase Espressdashboard	Version 7.0 update9

Related CWEs

CWE-829

Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

References (2)

https://c41nc.co.uk/cve-2020-24985/

Source: cve@mitre.org

ExploitThird Party Advisory

https://c41nc.co.uk/cve-2020-24985/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.