← back
CVE-2020-35729

CVE-2020-35729

EPSS 88.0%
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
Affected products
n/a · n/a
public PoCs found6
githubgithub.com/Al1ex/CVE-2020-357295cve_referencepacketstormsecurity.com/files/160798/Klog-Server-2.4.1-Command-Injection.htmlunverifiedcve_referencepacketstormsecurity.com/files/161123/Klog-Server-2.4.1-Command-Injection.htmlunverifiedcve_referencepacketstormsecurity.com/files/161410/Klog-Server-2.4.1-Command-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49366unverifiedexploitdbwww.exploit-db.com/exploits/49474unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/160798/Klog-Server-2.4.1-Command-Injection.htmlhttp://packetstormsecurity.com/files/161123/Klog-Server-2.4.1-Command-Injection.htmlhttp://packetstormsecurity.com/files/161410/Klog-Server-2.4.1-Command-Injection.htmlhttps://github.com/mustgundogdu/Research/blob/main/KLOG_SERVER/Exploit_Codehttps://github.com/mustgundogdu/Research/blob/main/KLOG_SERVER/README.md