CVE-2020-25490
HIGHsqreen/php_microagent < 1.16.0 - Remote Code Execution via Cryptographic Signature Verification Bypass
Title source: llmDescription
Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine.
References (1)
Core 1
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://blog.sqreen.com/vulnerability-disclosure-finding-a-vulnerability-in-sqreens-php-agent-and-how-we-fixed-it/
Scores
CVSS v3
7.3
EPSS
0.0115
EPSS Percentile
62.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-347
Status
published
Products (1)
sqreen/php_microagent
< 1.16.0
Published
Sep 17, 2020
Tracked Since
Feb 18, 2026