languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter.
References
Link | Resource |
---|---|
https://pwnedchile.com/2020/01/08/pixelstor-5000-rce-exploit/ | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/155898/PixelStor-5000-K-4.0.1580-20150629-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2020-01-09 15:15
Updated : 2021-07-21 04:39
NVD link : CVE-2020-6756
Mitre link : CVE-2020-6756
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
rasilient
- pixelstor_5000_firmware
- pixelstor_5000