CVE-2020-13925

Published: 14/07/2020 Updated: 07/11/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Similar to CVE-2020-1956, Kylin has one more RESTful API that concatenates API inputs into OS commands and then executes them on the server. The reported API lacks the necessary input validation, which makes it possible for attackers to execute OS commands remotely. Users of all previous versions after 2.3 should upgrade to 3.1.0.
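
The bug class described in the summary, as an added example (not Kylin's code and not taken from the advisory): it shows how a shell would tokenize a concatenated command string, then the hardened form with allowlist validation and an argv list. The `dump_tool` name, the `project` parameter, the allowlist pattern and the stand-in tool are assumptions made for illustration.

```python
import re
import shlex
import subprocess
import sys

# Assumed allowlist for a hypothetical "project" API parameter.
SAFE_PROJECT = re.compile(r"[A-Za-z0-9_]{1,64}")
# Stand-in for the server-side tool: prints its argument count and first argument.
TOOL = [sys.executable, "-c", "import sys; print(len(sys.argv) - 1, sys.argv[1])"]


def concatenated(project: str) -> str:
    """Flawed pattern: API input pasted into a command string (hypothetical tool name)."""
    return "dump_tool --project " + project


def shell_tokens(cmdline: str) -> list:
    """Tokenize a command line roughly as a POSIX shell does; nothing is executed."""
    return list(shlex.shlex(cmdline, posix=True, punctuation_chars=True))


def validate_project(project: str) -> str:
    """Reject anything outside the allowlist before it gets near a command."""
    if not SAFE_PROJECT.fullmatch(project):
        raise ValueError("invalid project name")
    return project


def run_tool(project: str) -> str:
    """Hardened call: validated input, argv list, no shell involved."""
    argv = TOOL + [validate_project(project)]
    done = subprocess.run(argv, capture_output=True, text=True, check=True, timeout=10)
    return done.stdout.strip()


def run_tool_argv_only(value: str) -> str:
    """Argv list without validation: the value still arrives as one literal argument."""
    done = subprocess.run(TOOL + [value], capture_output=True, text=True, check=True, timeout=10)
    return done.stdout.strip()


if __name__ == "__main__":
    hostile = "demo; echo INJECTED"  # constructed input
    print(shell_tokens(concatenated(hostile)))  # ';' appears as a command separator
    print(run_tool_argv_only(hostile))          # one argument, separator is inert
    print(run_tool("demo"))
```

Validation and the argv list are independent layers: the allowlist rejects the input outright, and the argv form keeps separators inert even if a value slips past validation.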

Vulnerable Product

apache kylin

Github Repositories

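CVE-2020-13925 environment setup: following github.com/apache/kylin, deploy the environment with docker and change the version in it to 301 (a vulnerable version). The [-m 8G \ ] option can be removed; it sets the amount of memory allocated. Then visit host:7070/kylin/login; the initial username and password are ADMIN/KYLIN. docker pull apachekylin/apache-kylin-standalone:301 docke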