CVE-2020-14011

CRITICAL

Lansweeper <7.2.x - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-14011. PoCs published by Amel BOUZIANE-LEBLOND.

AI-analyzed exploit summary: The writeup describes an incorrect access control vulnerability in Lansweeper 6.0.x through 7.2.x, where the default installation allows unauthorized access to the admin account, leading to remote code execution via the 'Add New Package' and 'Scheduled Deployments' features.

Description

Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.

Exploits (1)

exploitdb WRITEUP
by Amel BOUZIANE-LEBLOND · text · local · windows
https://www.exploit-db.com/exploits/48618

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Lansweeper 6.0.x through 7.2.x
No auth needed
Prerequisites: Default installation of Lansweeper with 'Built-in admin' enabled
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Third Party Advisory x_refsource_misc
https://pastebin.com/EUkMx94X

Scores

CVSS v3 9.8
EPSS 0.2947
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-1188
Status published
Products (1)
lansweeper/lansweeper 6.0.0.19 - 7.2.108.6
Published Jun 15, 2020
Tracked Since Feb 18, 2026