CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-15477

The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter incomingString before passing it to the child_process.exec function.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.082

EPSS Ranking 91.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

https://gist.github.com/PreethamBomma/e7b6d220790f95555dc2c5ac1d7d2f85
https://github.com/raspberrytorte/tortoise/tree/master/nodejs
https://gist.github.com/PreethamBomma/e7b6d220790f95555dc2c5ac1d7d2f85
https://github.com/raspberrytorte/tortoise/tree/master/nodejs

Products affected by CVE-2020-15477

Raspberrytorte » Raspberrytortoise » Version: N/A

cpe:2.3:a:raspberrytorte:raspberrytortoise:-
Raspberrytorte » Raspberrytortoise » Version: 2012-10-28

cpe:2.3:a:raspberrytorte:raspberrytortoise:2012-10-28

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15477

Products

Pricing

Contact Us