{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T14:31:58.205","vulnerabilities":[{"cve":{"id":"CVE-2020-11084","sourceIdentifier":"security-advisories@github.com","published":"2020-07-14T22:15:10.623","lastModified":"2024-11-21T04:56:45.267","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via \"For Developers\" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data (files) from the PC."},{"lang":"es","value":"En iPear, la ejecución manual de la función eval() puede conducir a la inyección de comandos. Solo están afectadas las PC donde los comandos se ejecutan manualmente por medio de \"For Developers\". Esta función permite ejecutar cualquier código PHP dentro de iPear que pueda cambiar, dañar o robar datos (archivos) desde la PC"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ipear_project:ipear:0.6.14:*:*:*:*:*:*:*","matchCriteriaId":"351B7FE7-18A0-4338-9920-E90415992C0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipear_project:ipear:0.6.15:*:*:*:*:*:*:*","matchCriteriaId":"95962A24-A98D-4684-89EC-FA179A7D13A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipear_project:ipear:0.7.0:*:*:*:*:*:*:*","matchCriteriaId":"1149C148-D414-45A8-A19E-AFBEE683AFD8"}]}]}],"references":[{"url":"https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}