Command Injection Vulnerability in SABnzbd Web Configuration Interface

Command Injection Vulnerability in SABnzbd Web Configuration Interface

CVE-2020-13124 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system.

Learn more about our Web App Pen Testing.