Critical severityNVD Advisory· Published Aug 20, 2025· Updated Apr 15, 2026

CVE-2010-20059

Description

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/freenas_exec_raw.rbnvd
sourceforge.net/projects/freenas/nvd
web.archive.org/web/20101218143110/http://sourceforge.net/projects/freenas/files//stable/0.7.2/NOTES%200.7.2.5543.txt/viewnvd
www.exploit-db.com/exploits/16313nvd
www.tenable.com/plugins/nnm/5714nvd
www.truenas.com/freenas/nvd
www.vulncheck.com/advisories/freenas-arbitrary-command-executionnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.039
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000