Description

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation.

INFO

Published Date :

2025-08-20T15:35:08.532Z

Last Modified :

2026-04-07T14:01:47.047Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2010-20059 vulnerability.

Vendors Products
Ixsystems
  • Freenas
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2010-20059.

URL Resource
https://github.com/freenas cve-icon cve-icon
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/freenas_exec_raw.rb cve-icon cve-icon cve-icon
https://sourceforge.net/projects/freenas/ cve-icon cve-icon
https://web.archive.org/web/20101218143110/http://sourceforge.net/projects/freenas/files//stable/0.7.2/NOTES%200.7.2.5543.txt/view cve-icon cve-icon
https://www.exploit-db.com/exploits/16313 cve-icon cve-icon cve-icon
https://www.tenable.com/plugins/nnm/5714 cve-icon cve-icon
https://www.truenas.com/freenas/ cve-icon cve-icon
https://www.vulncheck.com/advisories/freenas-arbitrary-command-execution cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability