Main Vulnerability Database Exploits ID:2960 - Exploit for Input validation error in Microsoft SharePoint Server - CVE-2020-1102

ID:2960 - Exploit for Input validation error in Microsoft SharePoint Server - CVE-2020-1102

Published: June 3, 2020

Vulnerability identifier: #VU27736

Vulnerability risk: Medium

CVE-ID: CVE-2020-1102

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
Microsoft SharePoint Server

Link to public exploit:

https://github.com/DanielRuf/snyk-js-jquery-565129

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in Microsoft SharePoint when handling shared forms. A remote authenticated attacker can invoke a shared form in a way that allows arbitrary controls to be instantiated and execute arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

Remediation

Install updates from vendor's website.

ID:2960 - Exploit for Input validation error in Microsoft SharePoint Server - CVE-2020-1102

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human