Update CVE-2020-13167.yaml

patch-1
Prince Chaddha 2022-05-17 12:01:37 +05:30 committed by GitHub
parent 0154c517ac
commit 79628a3708
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions


@ -4,7 +4,8 @@ info:
name: Netsweeper <=6.4.3 - Python Code Injection
author: dwisiswant0
severity: critical
description: Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.
description: |
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.
reference:
- https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/
- https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says
@ -30,9 +31,9 @@ requests:
matchers-condition: and
matchers:
- type: word
part: body
words:
- "nonexistent"
part: body
- type: status
status: