vulnerability

Lime Technology Unraid: CVE-2020-5847: Improper Control of Generation of Code ('Code Injection')

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Mar 16, 2020	May 7, 2025	May 8, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Mar 16, 2020

Added

May 7, 2025

Modified

May 8, 2025

Description

Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access.

Solution

lime-technology-unraid-upgrade-latest

References

CVE-2020-5847
https://attackerkb.com/topics/CVE-2020-5847
URL-https://sysdream.com/news/lab/
URL-https://forums.unraid.net/forum/7-announcements/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today