PT-2020-16099 · Xinuos · Openserver

Ramikan · Published 2020-12-18 · Updated 2021-07-21 · CVE-2020-25494

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Xinuos (formerly SCO) Openserver versions v5 and v6

Description: The vulnerability is an OS command injection. It allows attackers to execute arbitrary commands via shell metacharacters in the outputform or toclevels parameter to "cgi-bin/printbook".

Recommendations: For Xinuos (formerly SCO) Openserver versions v5 and v6, consider restricting access to the "cgi-bin/printbook" endpoint until a patch is available. As a temporary workaround, avoid using the outputform and toclevels parameters in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
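Until access to the endpoint is restricted, a defender can at least check web server access logs for requests to "cgi-bin/printbook" whose outputform or toclevels parameters carry shell metacharacters. The following detection script is an added example and not part of the advisory; the log format (Common Log Format) and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines in Common Log Format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [18/Dec/2020:10:00:01 +0000] "GET /cgi-bin/printbook?outputform=html&toclevels=2 HTTP/1.1" 200 5120
203.0.113.9 - - [18/Dec/2020:10:00:07 +0000] "GET /cgi-bin/printbook?outputform=html&toclevels=2%3Bid HTTP/1.1" 200 310
203.0.113.9 - - [18/Dec/2020:10:00:09 +0000] "GET /cgi-bin/printbook?outputform=text%7Cuname HTTP/1.1" 200 290
198.51.100.2 - - [18/Dec/2020:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

# The two parameters the advisory names as the injection points.
WATCHED_PARAMS = ("outputform", "toclevels")
# Characters with special meaning to a POSIX shell; none of them is expected
# in a format name or a table-of-contents depth.
METACHARS = set(";|&`$(){}<>\n\\'\"*?")
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"'
)

def flag_request(line):
    """Return a dict describing a suspicious printbook request, or None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith("/cgi-bin/printbook"):
        return None
    # parse_qs percent-decodes values; keep_blank_values keeps empty params visible
    params = parse_qs(parts.query, keep_blank_values=True)
    hits = {}
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            bad = sorted(set(value) & METACHARS)
            if bad:
                hits[name] = (value, bad)
    if not hits:
        return None
    return {"ip": m.group("ip"), "ts": m.group("ts"), "params": hits}

def scan_log(text):
    """Run flag_request over every line and return only the suspicious ones."""
    return [r for r in (flag_request(l) for l in text.splitlines()) if r]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A hit only shows that a request carried metacharacters in those parameters, not that it succeeded; correlate with the response size and any process-accounting records from the host.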

Exploit

OS Command Injection


Weakness Enumeration

Related Identifiers

CVE-2020-25494

Affected Products

Openserver