A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server.
References
Link | Resource |
---|---|
http://burninatorsec.blogspot.com/2018/11/reporting-c-serialization-remote-code.html | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-08-18 21:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-15865
Mitre link : CVE-2020-15865
CVE.ORG link : CVE-2020-15865
JSON object : View
Products Affected
stimulsoft
- reports
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')