{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T03:05:37.981","vulnerabilities":[{"cve":{"id":"CVE-2020-22000","sourceIdentifier":"cve@mitre.org","published":"2021-04-27T18:15:07.863","lastModified":"2024-11-21T05:13:00.100","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php' by using an unsanitized PHP exec() function."},{"lang":"es","value":"HomeAutomation versión 3.3.2, sufre de una vulnerabilidad de ejecución de comandos del Sistema Operativo autenticado usando el complemento de comando personalizado versión v0.1. Esto puede ser explotado con una vulnerabilidad CSRF para ejecutar comandos de shell arbitrarios como un usuario web por medio de los parámetros POST \"set_command_on\" y \"set_command_off\" en el archivo \"/system/systemplugins/customcommand/customcommand.plugin.php\" usando una función PHP exec( )"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:C/I:C/A:C","baseScore":8.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":6.8,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:homeautomation_project:homeautomation:3.3.2:*:*:*:*:*:*:*","matchCriteriaId":"28A14AE8-CCA1-4402-A897-1011C31935A4"}]}]}],"references":[{"url":"https://www.exploit-db.com/exploits/47809","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5560.php","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/47809","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5560.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}