CVE-2020-37027

CRITICAL

Sickbeard alpha - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37027. PoCs published by bdrake.

AI-analyzed exploit summary: This exploit leverages a command injection vulnerability in Sickbeard 0.1 by setting malicious commands in the 'Extra Scripts' field and triggering them via episode processing. The PoC demonstrates RCE by downloading and executing a reverse shell script.

Description

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the vulnerable Sickbeard installation.

Exploits (1)

exploitdb WORKING POC
by bdrake · python · webapps · hardware
https://www.exploit-db.com/exploits/48646

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Sickbeard 0.1 (alpha master git: 31ceaf1b5cab1884a280fe3f4609bdc3b1fb3121)
No auth needed
Prerequisites: Network access to Sickbeard instance · Default or no authentication configured
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/48646
Various Sources product
https://github.com/midgetspy/Sick-Beard

Scores

CVSS v3 9.8
EPSS 0.0226
EPSS Percentile 80.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-78
Status published
Published Jan 30, 2026
Tracked Since Feb 18, 2026