Cordaware Bestinformed Web Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in the Cordaware Bestinformed Web application, specifically in version 6.4.0.4. This issue allows authenticated users with the required permissions to execute commands on the server hosting the application. By default, only admin users can create 'ScriptVars' of the type 'script' and preview them. However, these permissions can be granted to other users through a granular permission system. An attacker could exploit this vulnerability if they compromised an account with the necessary rights.

Impact

Exploitation of this vulnerability allows for remote code execution on the server running the Bestinformed Web application.

Remediation

Users can update to Cordaware Bestinformed Web Interface version 6.2.2.5 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 10.0
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.