Ortus TestBox up to 4.1.0 Query String HTMLRunner.cfm command injection


A vulnerability was found in Ortus TestBox up to 4.1.0. It has been classified as critical. It affects unknown functionality of the file system/runners/HTMLRunner.cfm in the component Query String Handler. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

[Charts: User, Field, Commit Conf, Approve Conf]

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 10716738 | 12/10/2020 | VulD... | cvss3_nvd_basescore | 9.8 | nist.gov | 12/10/2020 | accepted | 90 |
| 10716737 | 12/10/2020 | VulD... | cvss2_nvd_basescore | 7.5 | nist.gov | 12/10/2020 | accepted | 90 |
| 10716736 | 12/10/2020 | VulD... | price_0day | $0-$5k | see documentation | 12/10/2020 | accepted | 90 |
| 10716735 | 12/10/2020 | VulD... | cvss3_meta_tempscore | 7.6 | see documentation | 12/10/2020 | accepted | 90 |
| 10716734 | 12/10/2020 | VulD... | cvss3_meta_basescore | 8.0 | see documentation | 12/10/2020 | accepted | 90 |
| 10716733 | 12/10/2020 | VulD... | cvss2_nvd_ai | P | nvd.nist.gov | 12/10/2020 | accepted | 70 |
| 10716732 | 12/10/2020 | VulD... | cvss2_nvd_ii | P | nvd.nist.gov | 12/10/2020 | accepted | 70 |
| 10716731 | 12/10/2020 | VulD... | cvss2_nvd_ci | P | nvd.nist.gov | 12/10/2020 | accepted | 70 |
| 10716730 | 12/10/2020 | VulD... | cvss2_nvd_au | N | nvd.nist.gov | 12/10/2020 | accepted | 70 |
| 10716729 | 12/10/2020 | VulD... | cvss2_nvd_ac | L | nvd.nist.gov | 12/10/2020 | accepted | 70 |
| 10716728 | 12/10/2020 | VulD... | cvss2_nvd_av | N | nvd.nist.gov | 12/10/2020 | accepted | 70 |
| 10716727 | 12/10/2020 | VulD... | cvss3_nvd_a | H | nvd.nist.gov | 12/10/2020 | accepted | 70 |
| 10716726 | 12/10/2020 | VulD... | cvss3_nvd_i | H | nvd.nist.gov | 12/10/2020 | accepted | 70 |
| 10716725 | 12/10/2020 | VulD... | cvss3_nvd_c | H | nvd.nist.gov | 12/10/2020 | accepted | 70 |
| 10716724 | 12/10/2020 | VulD... | cvss3_nvd_s | U | nvd.nist.gov | 12/10/2020 | accepted | 70 |
| 10716723 | 12/10/2020 | VulD... | cvss3_nvd_ui | N | nvd.nist.gov | 12/10/2020 | accepted | 70 |
| 10716722 | 12/10/2020 | VulD... | cvss3_nvd_pr | N | nvd.nist.gov | 12/10/2020 | accepted | 70 |
| 10716721 | 12/10/2020 | VulD... | cvss3_nvd_ac | L | nvd.nist.gov | 12/10/2020 | accepted | 70 |
| 10716720 | 12/10/2020 | VulD... | cvss3_nvd_av | N | nvd.nist.gov | 12/10/2020 | accepted | 70 |
| 10716719 | 12/10/2020 | VulD... | cwe | 77 (privilege escalation) | nvd.nist.gov | 12/10/2020 | accepted | 70 |
