CVE-2020-7849

HIGH

uPrism.io CURIX - Unauthenticated Remote Code Execution via Crafted URL

Title source: llm
STIX 2.1

Description

A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL.

References (1)

Core 1
Core References

Scores

CVSS v3 8.0
EPSS 0.0132
EPSS Percentile 67.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
uprism/curix 1.3.6
Published Feb 17, 2021
Tracked Since Feb 18, 2026