From 4fa525b8133bab1738ee1ba2c0302bab4949faee Mon Sep 17 00:00:00 2001 From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com> Date: Mon, 16 May 2022 13:37:08 -0400 Subject: [PATCH] Enhancement: cves/2020/CVE-2020-13167.yaml by mp --- cves/2020/CVE-2020-13167.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/cves/2020/CVE-2020-13167.yaml b/cves/2020/CVE-2020-13167.yaml index b66327cc8f..558026cb78 100644 --- a/cves/2020/CVE-2020-13167.yaml +++ b/cves/2020/CVE-2020-13167.yaml @@ -1,14 +1,14 @@ id: CVE-2020-13167 info: - name: Netsweeper WebAdmin unixlogin.php Python Code Injection + name: Netsweeper <=6.4.3 - Python Code Injection author: dwisiswant0 severity: critical - description: Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and - allows injection of shell metacharacters. + description: Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters. reference: - https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/ - https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says + - classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -37,3 +37,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/05/16
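Review bot: In the first hunk (@@ -1,14 +1,14 @@), the line added under `reference:` is a bare `-` with no value, which YAML reads as a null entry after the two URLs. Either drop that line or replace it with the reference link that was meant to go there; nothing in the patch shows which link was intended. The rename and the joining of the two `description:` lines look fine as they stand.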
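Review bot: In the second hunk (@@ -37,3 +37,5 @@), the appended `# Enhanced by mp on 2022/05/16` comment duplicates what the commit already records: the subject line names "mp" and the commit is dated 16 May 2022. Consider leaving it out so that the template file ends at the `status:` matcher and edit history stays in version control rather than accumulating as trailing comments.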