Vulnerabilities > CVE-2020-19301 - Incorrect Authorization vulnerability in Vaethink 1.0.1

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

vaethink

CWE-863

critical

NVD

Published: 2021-08-03

Updated: 2022-10-26

Summary

A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter.

Vulnerable Configurations

Part	Description	Count
Application	Vaethink Vaethink Vaethink 1.0.1	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://github.com/tingyuu/vaeThink/issues/1
https://cwe.mitre.org/data/definitions/94.html