CVE-2020-26886

HIGH

Softaculous <5.5.7 - Privilege Escalation

Title source: llm

Description

Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host.

References (3)

[Release Notes, Vendor Advisory] https://www.softaculous.com/board/index.php?tid=17086&title=Softaculous_5.5.7_Launched

[Third Party Advisory] https://vulnerable.af

[Exploit, Mitigation, Third Party Advisory] https://vulnerable.af/posts/cve-2020-26886/

Scores

CVSS v3 7.8

EPSS 0.0007

EPSS Percentile 21.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-665

Status published

Products (1)

softaculous/softaculous < 5.5.7

Published Mar 18, 2021

Tracked Since Feb 18, 2026