CVE-2020-15227

Summary

Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.

Affected Software

VendorProductVersion RangeStatus
netteapplication>= 2.0.0, < 2.0.19affected
netteapplication>= 2.1.0, < 2.1.13affected
netteapplication>= 2.2.0, < 2.2.10affected
netteapplication>= 2.3.0, < 2.3.14affected
netteapplication>= 2.4.0, < 2.4.16affected
netteapplication>= 3.0.0, < 3.0.6affected

Weaknesses

  • CWE-74: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

ADP Enrichment

CVE Program Container

Additional References

References