High severity7.2NVD Advisory· Published Feb 15, 2021· Updated Jun 17, 2026
CVE-2020-35734
CVE-2020-35734
Description
Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Sruu.pl/Batflatdescription
Patches
Vulnerability mechanics
References
4- packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.htmlnvdExploitThird Party Advisory
- github.com/sruupl/batflat/issues/98nvdExploitThird Party Advisory
- secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/nvdExploitThird Party Advisory
- batflat.org/en/changelognvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.