CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-11084

In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data (files) from the PC.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 77.2%

CVSS Severity

CVSS v3 Score 6.4

CVSS v2 Score 5.5

References

https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj
https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj

Products affected by CVE-2020-11084

Ipear Project » Ipear » Version: 0.6.14

cpe:2.3:a:ipear_project:ipear:0.6.14
Ipear Project » Ipear » Version: 0.6.15

cpe:2.3:a:ipear_project:ipear:0.6.15
Ipear Project » Ipear » Version: 0.7.0

cpe:2.3:a:ipear_project:ipear:0.7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-11084

Products

Pricing

Contact Us