Primary

Context

Znuny Eval Injection Vulnerability Allowing Command Execution via Backup Script

Vulnerability

Patched

An eval injection vulnerability has been identified in Znuny versions through 7.1.3. This issue allows a user with write access to the configuration file to execute commands as the user running the backup.pl script. In Znuny LTS, this vulnerability affects all versions from 6.5.1 up to 6.5.11 and all versions of Znuny LTS 6.0.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution, potentially allowing privilege escalation if the backup script is run with root or another privileged account.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

10.0

exploitability

3.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

10.0

exploitability

3.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Znuny Eval Injection Vulnerability Allowing Command Execution via Backup Script

Vulnerability

Impact

Affected Products

Znuny

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating