Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26886
Reference (s):
- https://vulnerable.af
- https://vulnerable.af/posts/cve-2020-26886/
- https://www.softaculous.com/board/index.php?tid=17086&title=Softaculous_5.5.7_Launched