CVE-2020-24985

EUVD-2020-17685
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
quadbaseespressdashboard
7.0:update9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://c41nc.co.uk/cve-2020-24985/
https://c41nc.co.uk/cve-2020-24985/