CVE-2020-5741
Plex Media Server Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
72.8%
p99
KEV
YES
Mar 10, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Plex / Media Server
Vulnerability
Plex Media Server Remote Code Execution Vulnerability
Added to KEV
Mar 10, 2023
Remediate by
Mar 31, 2023
Known ransomware use
No
Summary description
Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it.
Required action
Apply updates per vendor instructions.
Notes
https://forums.plex.tv/t/security-regarding-cve-2020-5741/586819; https://nvd.nist.gov/vuln/detail/CVE-2020-5741
No related CVEs by CWE or product.