CVE-2020-6756

CRITICAL

Rasilient Pixelstor 5000 Firmware - OS Command Injection

Title source: rule

Description

languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter.

Exploits (1)

exploitdb WORKING POC

by .:UND3R:. · pythonwebappsphp

https://www.exploit-db.com/exploits/47899

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/155898/PixelStor-5000-K-4.0.1580-20150629-Remote-Code-Execution.html

[Exploit, Third Party Advisory] https://pwnedchile.com/2020/01/08/pixelstor-5000-rce-exploit/

Scores

CVSS v3 9.8

EPSS 0.1183

EPSS Percentile 93.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

rasilient/pixelstor_5000_firmware 4.0.1580-20150629

Published Jan 09, 2020

Tracked Since Feb 18, 2026