Published: 28/04/2020 Updated: 21/07/2021

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 802

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

An issue exists in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opmantek open-audit 3.3.1

The official exploit for Open-AudIT v3.3.1 Remote Code Execution CVE-2020-12078

CVE-2020-12078 The official exploit for Open-AudIT v331 Remote Code Execution CVE-2020-12078

CWE-78 https://gist.github.com/mhaskar/dca62d0f0facc13f6364b8ed88d5a7fd https://github.com/Opmantek/open-audit/commit/6ffc7f9032c55eaa1c37cf5e070809b7211c7e9a https://shells.systems/open-audit-v3-3-1-remote-command-execution-cve-2020-12078/http://packetstormsecurity.com/files/157477/Open-AudIT-Professional-3.3.1-Remote-Code-Execution.html https://nvd.nist.gov https://github.com/mhaskar/CVE-2020-12078

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-12078

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect