CVE-2020-11990

LOW

Cordova (Android) - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-11990. PoCs published by forse01.

AI-analyzed exploit summary The provided code is a basic Cordova initialization stub and does not contain any exploit logic for CVE-2020-11990. It lacks the malicious payload or vulnerability demonstration expected in a PoC.

Description

We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.

Exploits (1)

nomisec STUB

by forse01 · poc

https://github.com/forse01/CVE-2020-11990-Cordova

View Code ZIP pw:eip

The provided code is a basic Cordova initialization stub and does not contain any exploit logic for CVE-2020-11990. It lacks the malicious payload or vulnerability demonstration expected in a PoC.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Apache Cordova

No auth needed

Prerequisites: None

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Release Notes, Vendor Advisory x_refsource_misc

https://cordova.apache.org/news/2020/09/18/camera-plugin-release.html

Third Party Advisory third-party-advisory x_refsource_jvn

http://jvn.jp/en/jp/JVN59779918/index.html

Scores

CVSS v3 3.3

EPSS 0.0073

EPSS Percentile 49.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

Status published

Products (1)

apache/cordova 4.1.0

Published Dec 01, 2020

Tracked Since Feb 18, 2026