CVE-2020-11766
HIGHAvantFAX 3.3.0-3.3.5 & HylaFAX Enterprise 0.2.0-0.2.4 - OS Command Injection via sendfax.php
Title source: llmDescription
sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
ftp://ftp.ifax.com/security/CVE-2020-11766.html
Scores
CVSS v3
8.8
EPSS
0.0185
EPSS Percentile
76.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (2)
avantfax/avantfax
3.3.0 - 3.3.6
ifax/hylafax
0.2.0 - 0.2.5
Published
May 19, 2020
Tracked Since
Feb 18, 2026