CVE-2020-37027 | THREATINT

Description

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the vulnerable Sickbeard installation.

PUBLISHED Reserved 2026-01-28 | Published 2026-01-30 | Updated 2026-02-03 | Assigner VulnCheck

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

0.1

affected

Credits

bdrake finder

References

www.exploit-db.com/exploits/48646 (ExploitDB-48646) exploit

web.archive.org/web/20190722085652/https://sickbeard.com/ (Archived Sickbeard Official Homepage) product

github.com/midgetspy/Sick-Beard (Sickbeard GitHub Repository) product

www.vulncheck.com/...ries/sickbeard-remote-command-injection (VulnCheck Advisory: Sickbeard 0.1 - Remote Command Injection) third-party-advisory

cve.org (CVE-2020-37027)

nvd.nist.gov (CVE-2020-37027)

Download JSON