What the vulnerability does
01Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
What the vulnerability does
Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0.
Explanation of Vulnerability in Simple Terms
RD Station versions up to 5.6.0 contain a code injection vulnerability that allows authenticated users with low privileges to run arbitrary code on the site. The vulnerability affects the entire system due to scope change, meaning an attacker can read sensitive data, modify site content, or disrupt service. A patch version has not been publicly identified.
What an attacker can do
Run arbitrary code on the site, read sensitive data, modify content, or disrupt service.
Potential impact on your site
Any authenticated user can compromise the entire RD Station installation and potentially the underlying server.
Conditions required to exploit
Attacker must have a low-privilege authenticated account; no user interaction required.
Key dates
External resources
Related vulnerabilities