vendor:
PixelStor 5000
by:
.:UND3R:.
9.8
CVSS
CRITICAL
Remote Code Execution
78
CWE
Product Name: PixelStor 5000
Affected Version From: K:4.0.1580-20150629 (KDI Version)
Affected Version To: K:4.0.1580-20150629 (KDI Version)
Patch Exists: YES
Related CWE: CVE-2020-6756
CPE: a:rasilient:pixelstor_5000
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Linux
2020
PixelStor 5000 – Remote Code Execution
PixelStor 5000 is vulnerable to Remote Code Execution. An attacker can exploit this vulnerability by sending a maliciously crafted POST request to the languageOptions.php page. This will allow the attacker to execute arbitrary commands on the vulnerable system.
Mitigation:
The vendor has released a patch to address this vulnerability.
