CVE-2020-10580 | Severity.io

Description

A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application.

Related CPE's

invigo

automatic_device_management

Vulnerable

References

https://cwe.mitre.org/data/definitions/77.html

Third Party Advisory

https://www.on-x.com/sites/default/files/security_advisory_-_multiple_vulnerabilities_-_invigo_adm.pdf

ExploitThird Party Advisory

https://cwe.mitre.org/data/definitions/77.html

Third Party Advisory

https://www.on-x.com/sites/default/files/security_advisory_-_multiple_vulnerabilities_-_invigo_adm.pdf

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary

CWE-77

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-03-25T19:15:12.133Z

4 years ago

Last modified

2024-11-21T03:55:37.560Z

1 year ago