CVE-2020-5847

Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access. Vendor/Product: Unraid Unraid. Added to CISA KEV 2021-11-03; required action: Apply updates per vendor instructions.