Ortus Solutions TestBox vulnerabilities
2 known vulnerabilities affecting ortussolutions/testbox.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1
Vulnerabilities
CVE-2020-15929 | P2 | CRITICAL | CVSS 9.8 | CWE-22 | ≥ 2.4.0, ≤ 4.1.0 | 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
Source: NVD
CVE-2020-15928 | P4 | MEDIUM | CVSS 5.3 | CWE-22 | ≥ 2.4.0, ≤ 4.1.0 | 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.
Source: NVD