17 matches found
UnRaid <=6.80 - Remote Code Execution
UnRaid =6.80 allows remote unauthenticated attackers to execute arbitrary code. id: CVE-2020-5847 info: name: UnRaid =6.80 - Remote Code Execution author: madrobot severity: critical description: UnRaid =6.80 allows remote unauthenticated attackers to execute arbitrary code. impact: |...
Unraid OS < 6.8.1 Web UI RCE Vulnerability - Version Check
Unraid OS is prone to a remote code execution RCE vulnerability in the Web UI. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Unraid Remote Code Execution (CVE-2020-5847; CVE-2020-5849)
A remote code execution vulnerability exists in Unraid. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Unraid Authentication Bypass Vulnerability
Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution...
Unraid webGui remote code execution
Added: 04/30/2020 CVE: CVE-2020-5847 Background Unraid is a network-attached storage operating system. It runs a web-based graphical user interface webGui written in PHP. Problem The Unraid webGui uses the PHP extract function to load all GET parameters into the application as variables, allowing...
Unraid webGui remote code execution
Added: 04/30/2020 CVE: CVE-2020-5847 Background Unraid is a network-attached storage operating system. It runs a web-based graphical user interface webGui written in PHP. Problem The Unraid webGui uses the PHP extract function to load all GET parameters into the application as variables, allowing...
Unraid webGui remote code execution
Added: 04/30/2020 CVE: CVE-2020-5847 Background Unraid is a network-attached storage operating system. It runs a web-based graphical user interface webGui written in PHP. Problem The Unraid webGui uses the PHP extract function to load all GET parameters into the application as variables, allowing...
Unraid 6.8.0 - Auth Bypass PHP Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unraid 6.8.0 Auth Bypass PHP Code Execution', 'Description' = %q This module exploits two vulnerabilities affecting Unraid 6.8.0. An authenticati...
Unraid 6.8.0 Authentication Bypass / Arbitrary Code Execution Exploit
This Metasploit module exploits two vulnerabilities affecting Unraid 6.8.0. An authentication bypass is used to gain access to the administrative interface, and an insecure use of the extract PHP function can be abused for arbitrary code execution as root. This module requires Metasploit:...
Unraid 6.8.0 Authentication Bypass / Arbitrary Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unraid 6.8.0 Auth Bypass PHP Code Execution', 'Description' = %q This module exploits two vulnerabilities affecting Unraid 6.8.0. An authenticati...
CVE-2020-5847
creationtimestamp| type| source ---|---|--- 2020-04-16 22:27:58+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/unraidauthbypassexec.rb 2020-04-20 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/48353 2021-11-08 08:58:20+00:00|...
Unraid 6.8.0 Auth Bypass PHP Code Execution
This module exploits two vulnerabilities affecting Unraid 6.8.0. An authentication bypass is used to gain access to the administrative interface, and an insecure use of the extract PHP function can be abused for arbitrary code execution as root. This module requires Metasploit:...
CVE-2020-5847
Unraid through 6.8.0 allows Remote Code Execution...
CVE-2020-5847
Unraid through 6.8.0 allows Remote Code Execution...
CVE-2020-5847
Unraid through 6.8.0 allows Remote Code Execution...
CVE-2020-5847
Unraid 6.8.0 and earlier contains two CVEs: CVE-2020-5847 (remote code execution via insecure use of PHP extract) and CVE-2020-5849 (authentication bypass). Reports and exploit references (Metasploit module and Exploit-DB) confirm practical impact: authenticated admin access can be gained, then a...
Unraid OS < 6.8.1 Web UI RCE Vulnerability - Active Check
Unraid OS is prone to a remote code execution RCE vulnerability in the Web UI. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...