CVE-2020-7849
HIGHuPrism.io CURIX - Unauthenticated Remote Code Execution via Crafted URL
Title source: llmDescription
A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35903
Scores
CVSS v3
8.0
EPSS
0.0132
EPSS Percentile
67.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
uprism/curix
1.3.6
Published
Feb 17, 2021
Tracked Since
Feb 18, 2026