exploitDog

CVE-2020-27191

Опубликовано: 16 нояб. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Высокий

Описание

LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Ссылки

http://lionwiki.0o.cz/index.php?page=Main+page
Vendor Advisory
https://www.junebug.site/blog/cve-2020-27191-lionwiki-3-2-11-lfi
Exploit
Third Party Advisory
http://lionwiki.0o.cz/index.php?page=Main+page
Vendor Advisory
https://www.junebug.site/blog/cve-2020-27191-lionwiki-3-2-11-lfi
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lionwiki:lionwiki:*:*:*:*:*:*:*:*

Версия до 3.2.12 (исключая)

EPSS

Процентиль: 99%

0.73422

Высокий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-j9vp-hmqw-qv3c

github

больше 3 лет назад

LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

EPSS

Процентиль: 99%

0.73422

Высокий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo