CVE-2020-12078

HIGH

Open-AudIT 3.3.1 - OS Command Injection via Discovery Settings Exclude IP Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-12078. PoCs published by mhaskar, 84KaliPleXon3.

AI-analyzed exploit summary This exploit targets Open-AudIT Professional v3.3.1 by injecting a reverse shell payload into the configuration settings and triggering it via a discovery scan. It requires authentication and uses a PATCH request to modify settings, followed by a discovery execution to achieve RCE.

Description

An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.

Exploits (2)

nomisec WORKING POC 18 stars

by mhaskar · poc

https://github.com/mhaskar/CVE-2020-12078

View Code ZIP pw:eip

This exploit targets Open-AudIT Professional v3.3.1 by injecting a reverse shell payload into the configuration settings and triggering it via a discovery scan. It requires authentication and uses a PATCH request to modify settings, followed by a discovery execution to achieve RCE.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Open-AudIT Professional v3.3.1

Auth required

Prerequisites: Valid credentials for Open-AudIT · Network access to the target · Netcat listener for reverse shell

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1078 - Valid Accounts T1090 - Proxy

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by 84KaliPleXon3 · poc

https://github.com/84KaliPleXon3/CVE-2020-12078

View Code ZIP pw:eip

This exploit targets Open-AudIT Professional v3.3.1 by injecting a reverse shell payload into the configuration settings and triggering it via a discovery scan. It requires authentication and uses a PATCH request to modify configuration followed by a discovery execution to achieve RCE.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Open-AudIT Professional v3.3.1

Auth required

Prerequisites: Valid credentials for Open-AudIT · Network access to the target · Netcat listener for reverse shell

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1078 - Valid Accounts T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory x_refsource_misc

https://gist.github.com/mhaskar/dca62d0f0facc13f6364b8ed88d5a7fd

Exploit, Third Party Advisory x_refsource_misc

https://shells.systems/open-audit-v3-3-1-remote-command-execution-cve-2020-12078/

Patch, Third Party Advisory x_refsource_misc

https://github.com/Opmantek/open-audit/commit/6ffc7f9032c55eaa1c37cf5e070809b7211c7e9a

View Patch ZIP pw:eip

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/157477/Open-AudIT-Professional-3.3.1-Remote-Code-Execution.html

Scores

CVSS v3 8.8

EPSS 0.1000

EPSS Percentile 95.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

opmantek/open-audit 3.3.1

Published Apr 28, 2020

Tracked Since Feb 18, 2026