Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-15227 PoC — Nette 代码注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-15227.yaml
Associated Vulnerability
Title:Nette 代码注入漏洞 (CVE-2020-15227)
Description:Nette是个人开发者的一个基于组件的事件驱动 PHP 框架。 Nette 存在代码注入漏洞,该漏洞源于外部输入数据构造代码段的过程中,网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞生成非法的代码段,修改网络系统或组件的预期的执行控制流。以下产品及版本受到影响:2.0.19版本, 2.1.13版本, 2.2.10版本, 2.3.14版本, 2.4.16版本, 3.0.6版本。
Description
Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework.
File Snapshot

 id: CVE-2020-15227

info:
  name: Nette Framework - Remote Code Execution
  author: becivells
  seve

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.