VDB
CVE-2020-15227
CVE-2020-15227
PUBLISHED
Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.
EPSS 93.79% · 99.9th percentile
Risk Scores
EPSS Score
93.79%
99.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | php-nette | 0, 2.3.5-1, 2.3.8-1 |
| Ubuntu:18.04:LTS | php-nette | 0, 2.4-20160731-1 |
Exploit Intelligence
- CVE-2020-15227 checker (github-poc)
- CVE-2020-15227 checker (github-poc)
- CVE-2020-15227 checker (github-poc)
- CVE-2020-15227 checker (github-poc)
- CVE-2020-15227 checker (github-poc)
- CVE-2020-15227 checker (github-poc)
- CVE-2020-15227 checker (github-poc)
- CVE-2020-15227 checker (github-poc)
- CVE-2020-15227 exploit (github-poc)
- CVE-2020-15227 exploit (github-poc)
…and 637 more exploits
Timeline
- Jan 19, 1970 VulnCheck XDB Entry
- Jan 19, 1970 VulnCheck XDB Entry
- Jan 19, 1970 VulnCheck XDB Entry
- Oct 1, 2020 CVE Published
- Oct 12, 2020 VulnCheck KEV Exploitation
- Nov 19, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Nov 18, 2021 CVE Updated
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-15227 third-party-advisory
- https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94 third-party-advisory
- https://github.com/nette/application/commit/5b39e53674c9ad2ab0b9916c3fc7becf472f67cb third-party-advisory
- https://ubuntu.com/security/notices/USN-5983-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-15227 third-party-advisory