CVE-2020-29311

moderate-risk
Published 2020-12-10

Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software.

Do I need to act?

~
8.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Ubilling

Affected Vendors

Ubilling

References (6)

Exploit https://drive.google.com/file/d/1iLMFSbY8x1CXIf0uFntovY6yZ7N24dQA/view?usp=shari...
Exploit https://drive.google.com/file/d/1smOjvenPB-nE0PyIxnfujCT4KcxxkeWV/view?usp=shari...
Exploit https://gist.github.com/mhaskar/bfa9c2c799fca6697bcc6a213d08cb3e
Exploit https://drive.google.com/file/d/1iLMFSbY8x1CXIf0uFntovY6yZ7N24dQA/view?usp=shari...
Exploit https://drive.google.com/file/d/1smOjvenPB-nE0PyIxnfujCT4KcxxkeWV/view?usp=shari...
Exploit https://gist.github.com/mhaskar/bfa9c2c799fca6697bcc6a213d08cb3e
47
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 10/34 · Low
Exposure 5/34 · Minimal