
CVE-2020-27998:
Missing Authorization in FastReport

9.8

CVSS Score

Basic Information

EPSS Score
-
Published
8/2/2021
Updated
2/1/2023
KEV Status
No
Technology
C#

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name
FastReport.OpenSource
Ecosystem
nuget
Vulnerable Versions
< 2020.4.0
First Patched Version
2020.4.0

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from FastReport's script engine allowing unrestricted use of .NET reflection and interop features. Key indicators:

  1. The advisory explicitly lists GetType, typeof, DllImport, LoadLibrary and GetProcAddress as problematic
  2. The GHSL-2020-143 advisory demonstrates RCE through expression evaluation
  3. The fix introduced a ScriptSecurity feature with keyword blocking
  4. These functions enable type discovery, assembly loading, and native code execution, which together are the building blocks of arbitrary code execution
  5. While exact file paths are not visible in public sources, the availability of these functions in the report scripting context without any authorization check constitutes the core vulnerability
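The fix described above (a ScriptSecurity feature that blocks keywords) can be illustrated with a small pre-screen of report script source. This is an added example, not Miggo's analysis output and not FastReport's own ScriptSecurity implementation; the class name ReportScriptScreen, the method FindBlocked and the sample script are all constructed for illustration. The identifier list is exactly the set the advisory names.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Hypothetical pre-screen for report script source. It mirrors the
// keyword-blocking idea the advisory describes for FastReport >= 2020.4.0,
// but it is an independent illustration, not the library's code.
public static class ReportScriptScreen
{
    // Identifiers the advisory lists as mishandled before 2020.4.0.
    private static readonly string[] BlockedIdentifiers =
    {
        "GetType", "typeof", "TypeOf", "DllImport", "LoadLibrary", "GetProcAddress",
    };

    // Whole-word match: "MyTypeOfThing" does not trip the filter, while
    // "typeof(Foo)" and "[DllImport(...)]" do. Case-sensitive on purpose,
    // because C# identifiers are case-sensitive and the advisory already
    // names both spellings it cares about (typeof / TypeOf).
    private static readonly Regex BlockedPattern = new Regex(
        @"\b(" + string.Join("|", Array.ConvertAll(BlockedIdentifiers, Regex.Escape)) + @")\b",
        RegexOptions.Compiled);

    // Returns every blocked identifier found with its 1-based line number,
    // so the caller can reject the report and log what it contained.
    public static List<(int Line, string Identifier)> FindBlocked(string scriptSource)
    {
        var hits = new List<(int Line, string Identifier)>();
        var lines = scriptSource.Split('\n');
        for (int i = 0; i < lines.Length; i++)
        {
            foreach (Match m in BlockedPattern.Matches(lines[i]))
                hits.Add((i + 1, m.Value));
        }
        return hits;
    }

    public static void Main()
    {
        // Constructed sample report script: one ordinary calculation line,
        // followed by two lines that reach into reflection and interop.
        const string script =
            "double total = quantity * unitPrice;\n" +
            "var t = typeof(System.Diagnostics.Process);\n" +
            "[DllImport(\"kernel32.dll\")] static extern IntPtr LoadLibrary(string name);\n";

        var hits = FindBlocked(script);
        if (hits.Count == 0)
        {
            Console.WriteLine("script passed screen");
            return;
        }
        foreach (var (line, id) in hits)
            Console.WriteLine($"line {line}: blocked identifier '{id}'");
    }
}
```

An identifier denylist of this kind is a coarse mitigation that reduces exposure while a deployment is upgraded; the actual remediation for CVE-2020-27998 is moving to FastReport.OpenSource 2020.4.0 or later and treating report templates from untrusted sources as code rather than data.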

WAF Protection Rules

WAF Rule

An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress.
