CVSS: 9.3EPSS: 20%CPEs: 2EXPL: 2CVE-2018-20580 – ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-20580
The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file. La funcionalidad de importación WSDL de SmartBear ReadyAPI,versiones 2.5.0 y 2.6.0, permite a los atacantes remotos ejecutar código Java arbitrario a través de un parámetro de solicitud creado en un archivo WSDL. ReadyAPI versions 2.5.0 and 2.6.0 suffer from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/46796 https://github.com/gscamelo/CVE-2018-20580 http://packetstormsecurity.com/files/152731/ReadyAPI-2.5.0-2.6.0-Remote-Code-Execution.html https://vimeo.com/332912402 https://vimeo.com/332912473 • CWE-20: Improper Input Validation •