CVE-2020-25494

CRITICAL · EXPLOITED IN THE WILD

Xinuos OpenServer 5-6 - OS Command Injection via printbook cgi-bin Parameters


Exploitation Summary

CVE-2020-25494 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including Ramikan.

AI-analyzed exploit summary: This exploit demonstrates a command injection vulnerability in SCO Openserver's printbook CGI script via the 'outputform' and 'toclevels' parameters. The PoC uses time-based delays and DNS lookups to confirm arbitrary command execution.

Description

Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in the outputform or toclevels parameter passed to cgi-bin/printbook.

Exploits (1)

exploitdb · WORKING POC
by Ramikan · textwebappssco
https://www.exploit-db.com/exploits/49301


Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: SCO Openserver 5.0.7 and 6
Authentication: none required
Prerequisites: Network access to the target's CGI endpoint
Analyzed by devstral-2 · Feb 16, 2026

Scores

CVSS v3: 9.8
EPSS: 0.3919
EPSS Percentile: 98.4%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV: 2021-06-03
InTheWild.io: 2021-09-30
CWE: CWE-78
Status: published
Products (2):
xinuos/openserver 5.0.7
xinuos/openserver 6.0
Published: Dec 18, 2020
Tracked Since: Feb 18, 2026