Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-27467 PoC — Lfi-ProcessWire Cms 路径遍历漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-27467.yaml
Associated Vulnerability
Title:Lfi-ProcessWire Cms 路径遍历漏洞 (CVE-2020-27467)
Description:Ryan Cramer Design Lfi-ProcessWire Cms是美国Ryan Cramer Design公司的一个免费的内容管理系统 (Cms) 和框架 (Cmf)旨在节省您的时间并按照您的方式工作。 Ryan Cramer Design Lfi-ProcessWire Cms 2.7.1之前版本存在路径遍历漏洞,该漏洞源于index.php中的download参数。
Description
Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php.
File Snapshot

 id: CVE-2020-27467

info:
  name: Processwire CMS <2.7.1 - Local File Inclusion
  author: 0x_Akoko
 

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.