CVE-2020-10580 | Severity.io

Description

A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application.

Related CPE's

invigo

automatic_device_management

Vulnerable

References

https://cwe.mitre.org/data/definitions/77.html

Third Party Advisory

https://www.on-x.com/sites/default/files/security_advisory_-_multiple_vulnerabilities_-_invigo_adm.pdf

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary

CWE-77

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-03-25T20:15:12.133

4 years ago

Last modified

2022-10-05T16:40:23.220

2 years ago