CVE-2020-29659

CRITICAL

Flexense DupScout Enterprise 10.0.18 - Buffer Overflow

Title source: llm

Description

A buffer overflow in the web server of Flexense DupScout Enterprise 10.0.18 allows a remote anonymous attacker to execute code as SYSTEM by overflowing the sid parameter via a GET /settings&sid= attack.

Exploits (1)

exploitdb WORKING POC

by Andrés Roldán · pythonremotewindows

https://www.exploit-db.com/exploits/49217

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://fluidattacks.com/advisories/prine/

[Product] https://www.dupscout.com

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49217

Scores

CVSS v3 9.8

EPSS 0.0439

EPSS Percentile 89.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (1)

flexense/dupscout 10.0.18

Published Dec 09, 2020

Tracked Since Feb 18, 2026