daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: vulnerabilities/other/lotuscms-rce.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-05-30 09:46:17 -04:00
parent 9f8bd21e1d
commit a604bfaa3d
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
vulnerabilities/other/lotuscms-rce.yaml
View File

@ -1,11 +1,17 @@
id: lotuscms-rce
info:
name: LotusCMS 3.0 eval() RCE
name: LotusCMS 3.0 - Remote Code Execution
author: pikpikcu
severity: critical
description: LotusCMS 3.0 is susceptible to remote code execution via the Router () function. This is done by embedding PHP code in the 'page' parameter, which will be passed to a eval call, therefore allowing remote code execution.
reference:
- https://github.com/Hood3dRob1n/LotusCMS-Exploit
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cve-id:
cwe-id: CWE-77
tags: lotuscms,rce
requests:
@ -28,4 +34,6 @@ requests:
- type: status
status:
- 200
- 200
# Enhanced by mp on 2022/05/30