897 B
897 B
CVE-2010-20059
&color=brightgreen)
Description
FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation.
POC
Reference
- https://www.exploit-db.com/exploits/16313
- https://www.vulncheck.com/advisories/freenas-arbitrary-command-execution
Github
No PoCs found on GitHub currently.