CVE-2020-15865

A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server.

Published: Aug 18, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-15865
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
stimulsoft / reports	2013.1.1600.0	2013.1.1600.0.x

http://burninatorsec.blogspot.com/2018/11/reporting-c-serialization-remote-code.html

Vulnerability Database

289,782

CVE-2020-15865