Security Advisory

CVE-2020-15929

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-11-24 01:32:48

Last updated 2024-08-04 13:30:23

Assigner mitre

State PUBLISHED

Description

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the applications context) containing attacker-defined CFML tags, leading to Remote Code Execution.

← Browse all CVEs View on cve.org ↗