ID:8889 - Exploit for Deserialization of Untrusted Data in Plex Media Server - CVE-2020-5741

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:8889 - Exploit for Deserialization of Untrusted Data in Plex Media Server - CVE-2020-5741

ID:8889 - Exploit for Deserialization of Untrusted Data in Plex Media Server - CVE-2020-5741

Published: March 7, 2023


Vulnerability identifier: #VU72903
Vulnerability risk: Medium
CVE-ID: CVE-2020-5741
CWE-ID: CWE-502
Exploitation vector: Remote access
Vulnerable software:
Plex Media Server

Link to public exploit:


Vulnerability description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data. A remote privileged user can send specially crafted HTTP request to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install updates from vendor's website.