CVE-2020-37027

Sickbeard 0.1 - Remote Command Injection

CVSS 9.3 CRITICALEPSS 2.3%CWE-78

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the vulnerable Sickbeard installation.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

midgetspy · Sickbeard

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/48646no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/midgetspy/Sick-Beard https://web.archive.org/web/20190722085652/https://sickbeard.com/https://www.exploit-db.com/exploits/48646 https://www.vulncheck.com/advisories/sickbeard-remote-command-injection