Unraid 6.8.0 Authentication Bypass / Arbitrary Code Execution
Posted on 17 April 2020
This Metasploit module exploits two vulnerabilities affecting Unraid 6.8.0. An authentication bypass is used to gain access to the administrative interface, and an insecure use of the extract PHP function can be abused for arbitrary code execution as root.
