An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads.
References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-03-15T17:51:47

Updated: 2024-08-04T15:26:09.063Z

Reserved: 2020-08-28T00:00:00

Link: CVE-2020-24985

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-03-15T18:15:16.643

Modified: 2024-11-21T05:16:21.143

Link: CVE-2020-24985

cve-icon Redhat

No data.