PT-2020-19214 · Rasilient · Rasilient Pixelstor 5000 K
Published: 2020-01-09 · Updated: 2021-07-21 · CVE-2020-6757
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Rasilient PixelStor 5000 K version 4.0.1580-20150629
Description
The issue allows authenticated attackers to remotely execute code. This is achieved via the name parameter in the contentHostProperties.php file.
Recommendations
For version 4.0.1580-20150629, avoid using the name parameter in the contentHostProperties.php file until a fix is available. As a temporary workaround, consider restricting access to the contentHostProperties.php file to minimize the risk of exploitation.
Exploit
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Rasilient Pixelstor 5000 K