Vulnerability Details CVE-2020-13124
SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.096
EPSS Ranking 92.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- https://github.com/sabnzbd/sabnzbd/commits/develop
- https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-9x87-96gg-33w2
- https://sabnzbd.org/downloads
- https://github.com/sabnzbd/sabnzbd/commits/develop
- https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-9x87-96gg-33w2
- https://sabnzbd.org/downloads