Remote Code Execution via Search Bar Feature in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961
CVE-2020-27478

7.1HIGH

Key Information:

Vendor: Simplcommerce
Vendor: CVE Published:; 30 April 2024

🔔 Create Simplcommerce Vulnerability Alert

What is CVE-2020-27478?

A Cross Site Scripting vulnerability exists in SimplCommerce that enables remote attackers to execute arbitrary code through a crafted script sent via the search bar feature. This vulnerability poses a significant security risk as it can allow an attacker to manipulate how users interact with the application, potentially compromising sensitive data or gaining unauthorized access.

References

https://github.com/simplcommerce/SimplCommerce/issues/943

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2024
Vulnerability Reserved
Oct 21, 2020

CVE-2020-27478 Data

JSON