CVE-2020-25134 PoC — Observium Professional Enterprise Community 安全漏洞

Source

https://github.com/ynsmroztas/CVE-2020-25134

Associated Vulnerability

Title:Observium Professional Enterprise Community 安全漏洞 (CVE-2020-25134)
Description:Observium是英国observium的一个免费的服务器监控平台。该平台由PHP编写的基于自动发现 SNMP 的网络监控平台，支持非常广泛的网络硬件和操作系统，包括 Cisco、Windows、Linux、HP、NetApp 等等。 Observium Professional, Enterprise & Community 20.8.10631版本中存在安全漏洞，该漏洞源于存在无限限制地加载具有inc.php扩展名的文件的事实，该漏洞允许攻击者遍历目录和进行本地文件攻击。

Description

CVE-2020-25134 Authenticated Local File Inclusion in settings/format

File Snapshot


 [4.0K]  /data/pocs/f09d9c730eacf3a3584ff455d1f07bda1a5ab3fe
├── [3.5K]  CVE-2020-25134
└── [  86]  read.me

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!