Arbitrary Code Execution via Lua Bytecode in Dungeon Crawl Stone Soup (DCSS) 0.25 and earlier
CVE-2020-11722 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.
Learn more about our Web Application Penetration Testing UK.