CVE-2020-25494

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1630%

EPSS Percentile36.70th

PublishedDec 18, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook.

Affected Platforms (CPE)

📦

Xinuos

Openserver

= 5.0.7

📦

Xinuos

Openserver

= 6.0

References & Advisories

🔗 http://packetstormsecurity.com/files/160635/SCO-Openserver-5.0.7-Command-Injection.html

🔗 https://github.com/Ramikan/Vulnerabilities/blob/master/SCO%20Openserver%20OS%20Command%20Injection%20Vulnerability

🔗 http://packetstormsecurity.com/files/160635/SCO-Openserver-5.0.7-Command-Injection.html

🔗 https://github.com/Ramikan/Vulnerabilities/blob/master/SCO%20Openserver%20OS%20Command%20Injection%20Vulnerability

Vulnerability Description

Affected Platforms (CPE)

Openserver

Openserver

References & Advisories

Related Vulnerabilities