CVE-2020-26886

Published: Mar 18, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host.

Affected (1)

Products: Softaculous: Softaculous

Softaculous

1 product

Softaculous

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Softaculous Softaculous	Before 5.5.7

Related CWEs

CWE-665

Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References (6)

https://vulnerable.af

Source: cve@mitre.org

Third Party Advisory

https://vulnerable.af/posts/cve-2020-26886/

Source: cve@mitre.org

ExploitMitigationThird Party Advisory

https://www.softaculous.com/board/index.php?tid=17086&title=Softaculous_5.5.7_Launched

Source: cve@mitre.org

Release NotesVendor Advisory

https://vulnerable.af

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://vulnerable.af/posts/cve-2020-26886/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMitigationThird Party Advisory

https://www.softaculous.com/board/index.php?tid=17086&title=Softaculous_5.5.7_Launched

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.