Kaspersky: >> Tinycheck Security Vulnerabilities
TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places.
CVSS Score
9.8
EPSS Score
0.06
Published
2021-01-26
TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-01-26
In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-01-19