ADD drupal_6340

2025-05-05 18:27:13 +00:00 · 2020-12-13 20:00:27 +08:00 · 2020-12-13 20:00:27 +08:00 · bcbc91b5b6
commit bcbc91b5b6
parent 099ff419ff
7 changed files with 57 additions and 0 deletions
--- a/Drupal/CVE-2019-6340/CVE-2019-6340.gif
+++ b/Drupal/CVE-2019-6340/CVE-2019-6340.gif
--- a/Drupal/CVE-2019-6340/README.md
+++ b/Drupal/CVE-2019-6340/README.md
@ -0,0 +1,13 @@
+# CVE-2019-6340 Drupal Core Arbitrary PHP Code Execution Vulnerability
+
+Drupal is an open source content management framework (CMF) written in PHP. It consists of a content management system (CMS) and a PHP development framework.
+
+Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.
+
+**Affected version**:  8.5.x before 8.5.11、8.6.x before 8.6.10
+
+**[FOFA](https://fofa.so/result?qbase64=YXBwPSJEcnVwYWwi) query rule**: app="Drupal"
+
+# Demo
+
+![](CVE-2019-6340.gif)
--- a/Nexus/CVE-2019-7238/README.md
+++ b/Nexus/CVE-2019-7238/README.md
@ -0,0 +1,11 @@
+# CVE-2020-24571 NexusDB path traversal
+
+NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal.
+
+**Affected version**: nexusdb < 4.50.23
+
+**[FOFA](https://fofa.so/result?q=header%3D%22Server%3A+NexusDB%22&qbase64=aGVhZGVyPSJTZXJ2ZXI6IE5leHVzREIi&file=&file=) query rule**: header="Server: NexusDB"
+
+# Demo
+
+![](CVE-2020-24571.gif)
--- a/Seeyon/htmlofficeservlet_uploadfile_getshell/README.md
+++ b/Seeyon/htmlofficeservlet_uploadfile_getshell/README.md
@ -0,0 +1,11 @@
+# CVE-2020-24571 NexusDB path traversal
+
+NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal.
+
+**Affected version**: nexusdb < 4.50.23
+
+**[FOFA](https://fofa.so/result?q=header%3D%22Server%3A+NexusDB%22&qbase64=aGVhZGVyPSJTZXJ2ZXI6IE5leHVzREIi&file=&file=) query rule**: header="Server: NexusDB"
+
+# Demo
+
+![](CVE-2020-24571.gif)
--- a/Unraid/CVE-2020-5847/README.md
+++ b/Unraid/CVE-2020-5847/README.md
@ -0,0 +1,11 @@
+# CVE-2020-24571 NexusDB path traversal
+
+NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal.
+
+**Affected version**: nexusdb < 4.50.23
+
+**[FOFA](https://fofa.so/result?q=header%3D%22Server%3A+NexusDB%22&qbase64=aGVhZGVyPSJTZXJ2ZXI6IE5leHVzREIi&file=&file=) query rule**: header="Server: NexusDB"
+
+# Demo
+
+![](CVE-2020-24571.gif)
--- a/WebSphere/CVE-2020-4450/README.md
+++ b/WebSphere/CVE-2020-4450/README.md
@ -0,0 +1,11 @@
+# CVE-2020-24571 NexusDB path traversal
+
+NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal.
+
+**Affected version**: nexusdb < 4.50.23
+
+**[FOFA](https://fofa.so/result?q=header%3D%22Server%3A+NexusDB%22&qbase64=aGVhZGVyPSJTZXJ2ZXI6IE5leHVzREIi&file=&file=) query rule**: header="Server: NexusDB"
+
+# Demo
+
+![](CVE-2020-24571.gif)
--- a/Western_Digital/Western_Digital_My_Cloud/Western_Digital_My_Cloud_snmp_mgr_rce.gif
+++ b/Western_Digital/Western_Digital_My_Cloud/Western_Digital_My_Cloud_snmp_mgr_rce.gif