Arbitrary Code Execution Vulnerability in Qt QPluginLoader

Arbitrary Code Execution Vulnerability in Qt QPluginLoader

CVE-2020-24742 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

Learn more about our Web Application Penetration Testing UK.