CVE-2020-17384

Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system.
Configurations

Configuration 1 (hide)

cpe:2.3:o:cellopoint:cellos:4.1.10:build20190922:*:*:*:*:*:*

History

08 May 2025, 10:15

Type Values Removed Values Added
Summary (en) Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system. (en) Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system.

21 Nov 2024, 05:07

Type Values Removed Values Added
References () https://www.twcert.org.tw/tw/cp-132-3845-be6bf-1.html - Third Party Advisory () https://www.twcert.org.tw/tw/cp-132-3845-be6bf-1.html - Third Party Advisory

Information

Published : 2020-08-25 08:15

Updated : 2025-05-08 10:15


NVD link : CVE-2020-17384

Mitre link : CVE-2020-17384

CVE.ORG link : CVE-2020-17384


JSON object : View

Products Affected

cellopoint

  • cellos
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')