Finding #29 — CVE-2020-5849

Inventory item	php-test 8.3.31 (software, php)
Title	Unraid Unraid: Unraid Remote Code Execution Vulnerability
Match	keyword / confidence low
Status	new
First seen	2026-06-11T07:35:11Z
Last updated	2026-06-11T07:35:11Z
CVE	CVE-2020-5849 KEV since 2021-11-03
CVSS	7.5 (HIGH) `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`
Description	Unraid 6.8.0 allows authentication bypass.
Source advisory	Unraid Unraid: Unraid Remote Code Execution Vulnerability Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access.
References	http://packetstormsecurity.com/files/157275/Unraid-6.8.0-Authentication-Bypass-Arbitrary-Code-Execution.html https://forums.unraid.net/forum/7-announcements/ https://sysdream.com/news/lab/ https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/ http://packetstormsecurity.com/files/157275/Unraid-6.8.0-Authentication-Bypass-Arbitrary-Code-Execution.html https://forums.unraid.net/forum/7-announcements/ https://sysdream.com/news/lab/ https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5849

Update status