CVE-2020-35734
Severity: HIGH
Batflat 1.3.6 - Authenticated Remote Code Execution via User Profile Input Fields
Title source: llmDescription
Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must log in to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References (4)
Release Notes, Vendor Advisory (x_refsource_misc): https://batflat.org/en/changelog
Exploit, Third Party Advisory (x_refsource_misc): https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/
Exploit, Third Party Advisory (x_refsource_misc): https://github.com/sruupl/batflat/issues/98
Exploit, Third Party Advisory (x_refsource_misc): http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html
Scores
CVSS v3 base score: 7.2
EPSS: 0.0677
EPSS Percentile: 93.2%
Attack Vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-94
Status: published
Products (1): batflat/batflat 1.3.6
Published: Feb 15, 2021
Tracked Since: Feb 18, 2026