Security Advisory

CVE-2020-13694

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-06-01 15:19:45

Last updated 2024-08-04 12:25:16

Assigner mitre

State PUBLISHED

Description

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option.

← Browse all CVEs View on cve.org ↗