admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

add CVE-2020-10148

Browse Source
This commit is contained in:
tardc 2021-01-06 11:08:12 +08:00
parent ee99688861
commit 6116435ec4
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
SolarWinds/CVE-2020-10148/CVE-2020-10148.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 488 KiB

9
SolarWinds/CVE-2020-10148/README.md Normal file
View File

@ -0,0 +1,9 @@
# CVE-2020-10148 SolarWinds Orion Local File Disclosure
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
**[FOFA](https://fofa.so/result?q=app%3D%22Solarwinds-Traffic-Management%22&qbase64=YXBwPSJTb2xhcndpbmRzLVRyYWZmaWMtTWFuYWdlbWVudCI%3D&file=&file=) query rule**: app="Solarwinds-Traffic-Management"
# Demo
![](CVE-2020-10148.gif)