add CVE-2020-13942

tardc 2020-11-26 18:31:12 +08:00
parent b23ae4f252
commit 4253125256
2 changed files with 11 additions and 0 deletions

Binary file not shown.


@ -0,0 +1,11 @@
# CVE-2020-13942 Apache Unomi RCE
Apache Unomi allows conditions to use OGNL and MVEL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.
**Affected version**: Apache Unomi <= 1.5.1
**[FOFA](https://fofa.so/result?q=title%3D%22Apache+Unomi+Welcome+Page%22&qbase64=dGl0bGU9IkFwYWNoZSBVbm9taSBXZWxjb21lIFBhZ2Ui&file=&file=) query rule**: title="Apache Unomi Welcome Page"
# Demo
![](CVE-2020-13942.gif)
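
Review bot: the "Affected version" line stops at "Apache Unomi <= 1.5.1" and the file gives no fixed release, advisory link or mitigation, so a reader who finds a matching instance has nothing to act on. Suggest adding a line directly after it that names the patched version and links the vendor advisory for CVE-2020-13942. Smaller points in the same hunk: `# Demo` is a second top-level heading and would read better as `## Demo` under the title; the image `![](CVE-2020-13942.gif)` has empty alt text and no written summary of what the recording shows; and the FOFA URL carries a duplicated empty `file=&file=` parameter that can be dropped.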