Arbitrary OS Command Execution in Logstorage and ELC Analytics

Arbitrary OS Command Execution in Logstorage and ELC Analytics

CVE-2020-5626 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file.

Learn more about our Web Application Penetration Testing UK.