Security Advisory

CVE-2010-20059

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-20 15:35:08

Last updated 2026-05-15 11:13:29

Assigner VulnCheck

State PUBLISHED

Description

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation.

← Browse all CVEs View on cve.org ↗