CVE-2020-12736

HIGH Year: 2020
CVSS v3 Score
7.2
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-74
View all →

Vulnerability Description

Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection.

Related Vulnerabilities

CVE-2011-2538

HIGH
CVSS:7.2(High)

Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands.

CWE-742011

CVE-2011-4558

HIGH
CVSS:7.2(High)

Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.

CWE-742011

CVE-2012-2931

HIGH
CVSS:7.2(High)

PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file.

CWE-742012

CVE-2017-18386

HIGH
CVSS:7.2(High)

cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).

CWE-742017

CVE-2017-18387

HIGH
CVSS:7.2(High)

cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).

CWE-742017

CVE-2019-11073

HIGH
CVSS:7.2(High)

A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransa...

CWE-742019