CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-10778

devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.019

EPSS Ranking 82.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2019-10778

Devcert-Sanscache Project » Devcert-Sanscache » Version: 0.4.0

cpe:2.3:a:devcert-sanscache_project:devcert-sanscache:0.4.0
Devcert-Sanscache Project » Devcert-Sanscache » Version: 0.4.1

cpe:2.3:a:devcert-sanscache_project:devcert-sanscache:0.4.1
Devcert-Sanscache Project » Devcert-Sanscache » Version: 0.4.2

cpe:2.3:a:devcert-sanscache_project:devcert-sanscache:0.4.2
Devcert-Sanscache Project » Devcert-Sanscache » Version: 0.4.3

cpe:2.3:a:devcert-sanscache_project:devcert-sanscache:0.4.3
Devcert-Sanscache Project » Devcert-Sanscache » Version: 0.4.4

cpe:2.3:a:devcert-sanscache_project:devcert-sanscache:0.4.4
Devcert-Sanscache Project » Devcert-Sanscache » Version: 0.4.5

cpe:2.3:a:devcert-sanscache_project:devcert-sanscache:0.4.5
Devcert-Sanscache Project » Devcert-Sanscache » Version: 0.4.6

cpe:2.3:a:devcert-sanscache_project:devcert-sanscache:0.4.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-10778

Products

Pricing

Contact Us