Unrated severity · NVD Advisory · Published Apr 27, 2020 · Updated Aug 4, 2024

CVE-2020-11941

Description

An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

OS command injection in Open-AudIT 3.2.2 Discovery allows authenticated attackers to execute arbitrary commands.

Vulnerability

Open-AudIT version 3.2.2 contains an OS command injection vulnerability in the Discovery functionality, which allows an attacker to inject arbitrary operating system commands via crafted input. [1]

Exploitation

An attacker must have authenticated access to the Open-AudIT web interface. The attacker can send a specially crafted request to the Discovery endpoint, injecting commands that are executed by the server. No additional privileges are required beyond standard user authentication. [1]

Impact

Successful exploitation allows the attacker to execute arbitrary OS commands on the underlying server, leading to full compromise of the system, including data exfiltration, modification, or denial of service. The attacker gains the privileges of the web server user. [1]

Mitigation

The vendor released Open-AudIT version 3.3.0, which addresses this vulnerability. Users should upgrade to version 3.3.0 or later. No workarounds are documented in the available references. [1]

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

References: 3