Vulnerability Details CVE-2020-15929
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.081
EPSS Ranking 91.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2020-15929
- cpe:2.3:a:ortussolutions:testbox:2.4.0
- cpe:2.3:a:ortussolutions:testbox:2.5.0
- cpe:2.3:a:ortussolutions:testbox:3.0.0
- cpe:2.3:a:ortussolutions:testbox:3.1.0
- cpe:2.3:a:ortussolutions:testbox:4.1.0