CVE-2020-13448
28Vexday Risk Score
No sign of exploitation. It has a public proof of concept.
ssvc Attendepss 18%
from disclosure to weapon0 days
Published on NVDJun 1
1st PoCJun 1
exploitation probability
18%top 3% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/157898/QuickBox-Pro-2.1.8-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48536unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.