Lucene search
SAINT CorporationSAINT:12D923E478A5F12917E694F4DC11168DHistoryApr 30, 2020 - 12:00 a.m.
Unraid webGui remote code execution
2020-04-3000:00:00
SAINT Corporation
download.saintcorporation.com
183
0.971 High
EPSS
Percentile
99.8%
Added: 04/30/2020
CVE: CVE-2020-5847
Background
Unraid is a network-attached storage operating system. It runs a web-based graphical user interface (webGui) written in PHP.
Problem
The Unraid webGui uses the PHP **extract** function to load all GET parameters into the application as variables, allowing a remote user to control any program variable, leading to command execution.
Resolution
Upgrade to Unraid 6.8.1 or higher.
References
Related
prion
prion
Remote code execution
2020-03-16 18:15:00
cvelist
cvelist
CVE-2020-5847
2020-03-16 17:23:24
cve
cve
CVE-2020-5847
2020-03-16 18:15:12
nvd
nvd
CVE-2020-5847
2020-03-16 18:15:12
openvas
openvas
Unraid OS 6.8.0 Authentication Bypass Vulnerability
2020-02-14 00:00:00
Unraid OS < 6.8.1 RCE Vulnerability
2020-02-14 00:00:00
saint
saint
Unraid webGui remote code execution
2020-04-30 00:00:00
Unraid webGui remote code execution
2020-04-30 00:00:00
cisa_kev
cisa_kev
Unraid Remote Code Execution Vulnerability
2021-11-03 00:00:00
Unraid Authentication Bypass Vulnerability
2021-11-03 00:00:00
attackerkb
attackerkb
CVE-2020-5847
2020-03-16 00:00:00
CVE-2020-5849
2020-03-16 00:00:00
zdt
zdt
Unraid 6.8.0 Authentication Bypass / Arbitrary Code Execution Exploit
2020-04-18 00:00:00
metasploit
metasploit
Unraid 6.8.0 Auth Bypass PHP Code Execution
2020-03-21 10:44:35
packetstorm
packetstorm
Unraid 6.8.0 Authentication Bypass / Arbitrary Code Execution
2020-04-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Unraid Remote Code Execution (CVE-2020-5847; CVE-2020-5849)
2021-11-30 00:00:00
nuclei
nuclei
UnRaid <=6.80 - Remote Code Execution
2021-02-14 20:52:26
exploitdb
exploitdb
Unraid 6.8.0 - Auth Bypass PHP Code Execution (Metasploit)
2020-04-20 00:00:00