CVE-2020-11084
MEDIUM
ipear - OS Command Injection via Manual eval() Execution
Title source: llm
Description
In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data (files) from the PC.
References (1)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj
Scores
CVSS v3
6.4
EPSS
0.0143
EPSS Percentile
69.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Details
CWE
CWE-77
CWE-78
Status
published
Products (3)
ipear_project/ipear 0.6.14
ipear_project/ipear 0.6.15
ipear_project/ipear 0.7.0
Published
Jul 14, 2020
Tracked Since
Feb 18, 2026