CVE-2020-17363

CRITICAL

USVN < 1.0.9 - Remote Code Execution via Timeline Module Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-17363. PoCs published by tnpitsecurity.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2020-17363, an OS command injection vulnerability in USVN's Timeline module. It includes code snippets, exploitation details, and a timeline of the vulnerability's discovery and patching.

Description

USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.

Exploits (1)

github WRITEUP 4 stars

by tnpitsecurity · poc

https://github.com/tnpitsecurity/CVEs/tree/master/CVE-2020-17363

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2020-17363, an OS command injection vulnerability in USVN's Timeline module. It includes code snippets, exploitation details, and a timeline of the vulnerability's discovery and patching.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: USVN < 1.0.8

Auth required

Prerequisites: Authenticated access to USVN · Network access to the target system

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://sysdream.com/news/lab/2020-08-12-cve-2020-17363-usvn-remote-code-execution/

Scores

CVSS v3 9.9

EPSS 0.0438

EPSS Percentile 90.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

usvn/usvn < 1.0.9

Published Dec 31, 2020

Tracked Since Feb 18, 2026