CVE-2020-29311
CRITICAL
Ubilling 1.0.9 - Remote Command Execution via Config File Injection
Title source: llm
Description
Ubilling v1.0.9 allows remote command execution as the root user: a malicious command injected into the config file is executed when another part of the software triggers it.
References (3)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/mhaskar/bfa9c2c799fca6697bcc6a213d08cb3e
Exploit, Third Party Advisory x_refsource_misc
https://drive.google.com/file/d/1smOjvenPB-nE0PyIxnfujCT4KcxxkeWV/view?usp=sharing
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://drive.google.com/file/d/1iLMFSbY8x1CXIf0uFntovY6yZ7N24dQA/view?usp=sharing
Scores
CVSS v3: 9.8
EPSS: 0.0629
EPSS Percentile: 92.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-306, CWE-78
Status: published
Products (1): ubilling/ubilling 1.0.9
Published: Dec 10, 2020
Tracked Since: Feb 18, 2026