ID:9327 - Exploit for Code Injection in node-XMLHttpRequest - CVE-2020-28502

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:9327 - Exploit for Code Injection in node-XMLHttpRequest - CVE-2020-28502

ID:9327 - Exploit for Code Injection in node-XMLHttpRequest - CVE-2020-28502

Published: September 18, 2023


Vulnerability identifier: #VU76189
Vulnerability risk: Medium
CVE-ID: CVE-2020-28502
CWE-ID: CWE-94
Exploitation vector: Remote access
Vulnerable software:
node-XMLHttpRequest

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when processing synchronous requests in xhr.send. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.



Remediation

Install updates from vendor's website.