CVE-2020-7825

Published: Jul 17, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. An attacker could execute arbitrary remote command by sending parameters to WinExec function in ExtCommandApi.dll module of MiPlatform.

Affected (1)

Products: Tobesoft: Miplatform

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tobesoft Miplatform	Up to 2019.05.16

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35509

Source: vuln@krcert.or.kr

Third Party Advisory

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35509

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.