id: CVE-2020-16952 info: name: Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE author: dwisiswant0 severity: high description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16951. reference: - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952 - https://srcincite.io/pocs/cve-2020-16952.py.txt - https://github.com/rapid7/metasploit-framework/blob/1a341ae93191ac5f6d8a9603aebb6b3a1f65f107/documentation/modules/exploit/windows/http/sharepoint_ssi_viewstate.md tags: cve,cve2020,sharepoint,iis classification: cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H cvss-score: 7.80 cve-id: CVE-2020-16952 cwe-id: CWE-346 requests: - method: GET path: - "{{BaseURL}}" matchers-condition: and matchers: - type: regex regex: - "15\\.0\\.0\\.(4571|5275|4351|5056)" - "16\\.0\\.0\\.(10337|10364|10366)" # - "16.0.10364.20001" condition: or part: body - type: word words: - "MicrosoftSharePointTeamServices" part: header - type: status status: - 200 - 201 condition: or