Ortus TestBox up to 4.1.0 Query String HTMLRunner.cfm command injection

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Ortus TestBox up to 4.1.0. It has been classified as critical. Affected is some unknown functionality of the file system/runners/HTMLRunner.cfm of the component Query String Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field11/24/2020 10:34 AM12/10/2020 09:31 AM12/10/2020 09:34 AM
vendorOrtusOrtusOrtus
nameTestBoxTestBoxTestBox
version<=4.1.0<=4.1.0<=4.1.0
componentQuery String HandlerQuery String HandlerQuery String Handler
filesystem/runners/HTMLRunner.cfmsystem/runners/HTMLRunner.cfmsystem/runners/HTMLRunner.cfm
cvss3_vuldb_avNNN
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_ePPP
identifier490774907749077
urlhttps://www.exploit-db.com/exploits/49077https://www.exploit-db.com/exploits/49077https://www.exploit-db.com/exploits/49077
availability111
publicity111
urlhttps://www.exploit-db.com/exploits/49077https://www.exploit-db.com/exploits/49077https://www.exploit-db.com/exploits/49077
cveCVE-2020-15929CVE-2020-15929CVE-2020-15929
exploitdb490774907749077
date1606172400 (11/24/2020)1606172400 (11/24/2020)1606172400 (11/24/2020)
cvss2_vuldb_avNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_acMMM
cvss2_vuldb_auSSS
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
cvss2_vuldb_basescore6.06.06.0
cvss2_vuldb_tempscore5.45.45.4
cvss3_vuldb_basescore6.36.36.3
cvss3_vuldb_tempscore6.06.06.0
cvss3_meta_basescore6.36.38.0
cvss3_meta_tempscore6.06.07.6
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned15955416001595541600
cve_nvd_summaryIn Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
cwe0077 (privilege escalation)
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiP
cvss2_nvd_basescore7.5
cvss3_nvd_basescore9.8

Want to stay up to date on a daily basis?

Enable the mail alert feature now!