cve/2020/CVE-2020-6286.md

CVE-2020-6286

Description

The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal.

POC

Reference

No PoCs from references.

Github

• https://github.com/0xT11/CVE-POC
• https://github.com/20142995/sectool
• https://github.com/ARPSyndicate/cvemon
• https://github.com/CVEDB/PoC-List
• https://github.com/CVEDB/awesome-cve-repo
• https://github.com/CVEDB/top
• https://github.com/CnHack3r/Penetration_PoC
• https://github.com/EchoGin404/-
• https://github.com/EchoGin404/gongkaishouji
• https://github.com/GhostTroops/TOP
• https://github.com/JERRY123S/all-poc
• https://github.com/Mr-xn/Penetration_Testing_POC
• https://github.com/YIXINSHUWU/Penetration_Testing_POC
• https://github.com/alphaSeclab/sec-daily-2020
• https://github.com/bhdresh/SnortRules
• https://github.com/chipik/SAP_RECON
• https://github.com/cyberanand1337x/bug-bounty-2022
• https://github.com/developer3000S/PoC-in-GitHub
• https://github.com/duc-nt/CVE-2020-6287-exploit
• https://github.com/hasee2018/Penetration_Testing_POC
• https://github.com/hectorgie/PoC-in-GitHub
• https://github.com/hktalent/TOP
• https://github.com/huike007/penetration_poc
• https://github.com/jbmihoub/all-poc
• https://github.com/lions2012/Penetration_Testing_POC
• https://github.com/murataydemir/CVE-2020-6286
• https://github.com/murataydemir/CVE-2020-6287
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/password520/Penetration_PoC
• https://github.com/pondoksiber/SAP-Pentest-Cheatsheet
• https://github.com/soosmile/POC
• https://github.com/weeka10/-hktalent-TOP
• https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
• https://github.com/xuetusummer/Penetration_Testing_POC
• https://github.com/yedada-wei/-
• https://github.com/yedada-wei/gongkaishouji