CVE-2020-11084 Information

Description

In iPear the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via \For Developers\ are affected. This function allows executing any PHP code within iPear which may change damage or steal data (files) from the PC.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Reference

https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4