Vulnerability Details CVE-2020-10390
OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.047
EPSS Ranking 88.9%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
Products affected by CVE-2020-10390
-
cpe:2.3:a:chadhaajay:phpkb:9.0