Skip to main content

Fat Free Framework

1 CVEs product

Monthly

CVE-2020-5203 PHP CRITICAL PATCH Act Now

In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code execution if developers choose to pass user controlled input (e.g., $_REQUEST, $_GET, or $_POST) to the framework's Clear method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Fat Free Framework
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code execution if developers choose to pass user controlled input (e.g., $_REQUEST, $_GET, or $_POST) to the framework's Clear method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Fat Free Framework
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy