CVE-2020-35729

CRITICAL NUCLEI

klog_server 2.4.1 - OS Command Injection via User Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2020-35729. PoCs published by Metin Yunus Kandemir, B3KC4T, Al1ex, including Metasploit module exploits/linux/http/klog_server_authenticate_user_unauth_command_injection. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server <= 2.4.1 via the 'user' parameter, which is passed to shell_exec() without validation. It includes a check for vulnerability and executes a command stager for payload delivery.

Description

KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metin Yunus Kandemir · rubywebappsphp
https://www.exploit-db.com/exploits/49474

This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server <= 2.4.1 via the 'user' parameter, which is passed to shell_exec() without validation. It includes a check for vulnerability and executes a command stager for payload delivery.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Klog Server <= 2.4.1
No auth needed
Prerequisites: Network access to the target server · Klog Server version <= 2.4.1
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by B3KC4T · pythonwebappsphp
https://www.exploit-db.com/exploits/49366

This exploit demonstrates an unauthenticated command injection vulnerability in Klog Server 2.4.1 by injecting a reverse shell payload into the 'user' parameter of a POST request to the authentication endpoint.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Klog Server 2.4.1
No auth needed
Prerequisites: Network access to the target server · Listener set up for reverse shell
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 5 stars
by Al1ex · poc
https://github.com/Al1ex/CVE-2020-35729

This repository contains a functional Python exploit for CVE-2020-35729, an unauthenticated command injection vulnerability in Klog Server 2.4.1. The exploit sends a crafted payload via HTTP POST to the authenticate.php endpoint, achieving remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Klog Server 2.4.1
No auth needed
Prerequisites: Network access to the target server · Python environment with requests library
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by b3kc4t, Metin Yunus Kandemir, bcoles · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/klog_server_authenticate_user_unauth_command_injection.rb

This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server's `authenticate.php` via the `user` POST parameter, leveraging `shell_exec()` without input validation. It achieves RCE as the apache user and escalates to root via sudo misconfiguration.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Klog Server <= 2.4.1
No auth needed
Prerequisites: Network access to Klog Server on port 443 · Sudo misconfiguration allowing passwordless root access
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Klog Server <=2.41 - Unauthenticated Command Injection
CRITICALby dwisiswant0

References (5)

Core 5

Scores

CVSS v3 9.8
EPSS 0.8975
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
klogserver/klog_server 2.4.1
Published Dec 27, 2020
Tracked Since Feb 18, 2026