Main Vulnerability Database Vulnerabilities #VU24192

Code Injection in PixelStor 5000 - CVE-2020-6757

Published: January 10, 2020

Vulnerability identifier: #VU24192

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2020-6757

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Rasilient

Affected software:
PixelStor 5000

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in contentHostProperties.php. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system via the "name" parameter.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2020-6757

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://pwnedchile.com/2020/01/08/pixelstor-5000-rce-exploit/

Code Injection in PixelStor 5000 - CVE-2020-6757

Detailed vulnerability description

How to mitigate CVE-2020-6757

Sources

Please verify you're human