Security Advisory

CVE-2020-36904

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-31 18:39:08

Last updated 2026-01-02 20:16:14

Assigner VulnCheck

State PUBLISHED

Description

Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO_LIST_EXE_PATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration, including changing admin passwords and executing system commands.

← Browse all CVEs View on cve.org ↗