CVE-2020-25780 PoC — Commvault CommCell 路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-25780.yaml

Associated Vulnerability

Title:Commvault CommCell 路径遍历漏洞 (CVE-2020-25780)
Description:Commvault CommCell是美国Commvault公司的一款应用于企业环境的存储管理工具。 CommCell Commvault 存在路径遍历漏洞，该漏洞源于尝试查看日志文件可以改为查看文件在日志文件文件夹之外。以下产品及版本受到影响：14.68版本, 15.x系列15.58之前版本, 16.x系列16.44之前版本, 17.x系列17.29之前版本, 18.x系列18.13之前版本。

Description

CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13 are vulnerable to local file inclusion because an attacker can view a log file can instead view a file outside of the log-files folder.

File Snapshot


 id: CVE-2020-25780

info:
  name: Commvault CommCell - Local File Inclusion
  author: pdteam
  sever

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!