A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server.
References
Link | Resource |
---|---|
http://burninatorsec.blogspot.com/2018/11/reporting-c-serialization-remote-code.html | Exploit Third Party Advisory |
Configurations
Information
Published : 2020-08-18 14:15
Updated : 2021-07-21 04:39
NVD link : CVE-2020-15865
Mitre link : CVE-2020-15865
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
stimulsoft
- reports