CVE-2020-20601
published 2021-12-22

CVE-2020-20601: An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.

Priority: P178
Severity: critical (CVSS 3.1 base score 9.8)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Exploitation: exploited in the wild (ITW); public exploit available; listed in VulnCheck KEV
EPSS: 7.60% (93.8th percentile)

Affected (5 ranges)

Vendor      Product     Version range   Fixed in
thinkcmf    thinkcmf
thinkcmf    thinkcmf
thinkcmf    thinkcmf
thinkcmf    thinkcmf
thinkcmf    thinkcmf

Detection & IOCs (extracted from sources)

URL:   /index.php?g=g&m=Door&a=index&content=<?php%20echo%20md5('ThinkCMF');
Other: d9b2c63a497e2f30c4ad9ad083a00691

  • Detect exploitation attempts by monitoring GET requests to /index.php whose query string carries g=g, m=Door, a=index and a content parameter containing PHP code (e.g. an opening <?php tag). Percent-decode the content value before matching, since the tag and payload are frequently URL-encoded.
  • A successful RCE probe returns HTTP 200 with the string d9b2c63a497e2f30c4ad9ad083a00691 (MD5 of 'ThinkCMF') in the response body, confirming arbitrary PHP code execution. The marker only appears for this specific probe payload; a real attack with a different payload produces no such marker, so the request-side rule above is the primary signal and the response check is a confirmation aid.
  • The vulnerability affects ThinkCMF X2.2.2 and below; exploitation requires no authentication and no user interaction (PR:N, UI:N per CVSS).
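The request-side rule and the response-side marker check described above, implemented as an added example in Python (this is not code from the page or from the ThinkCMF project). It runs over a few constructed access-log lines in Apache/nginx combined format, which are not real traffic. Assumptions beyond the page: the combined log format itself, treating the PHP short echo tag <?= as PHP code alongside <?php, and comparing the g/m/a values case-insensitively as a cheap evasion guard rather than as a statement about ThinkCMF's router.

```python
import hashlib
import re
from dataclasses import dataclass
from urllib.parse import unquote_plus, urlsplit

# Marker printed by the probe on the page: md5('ThinkCMF'). Computed here so it
# cannot be mistyped; the page lists it as d9b2c63a497e2f30c4ad9ad083a00691.
PROBE_MARKER = hashlib.md5(b"ThinkCMF").hexdigest()

# Combined log format: client ident user [ts] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# PHP open tags. The page cites "<?php"; "<?=" (short echo tag) is an assumption added here.
PHP_TAG_RE = re.compile(r"<\?(?:php\b|=)", re.IGNORECASE)

# Constructed sample log lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [22/Dec/2021:10:00:01 +0000] "GET /index.php?g=g&m=Door&a=index&content=<?php%20echo%20md5('ThinkCMF'); HTTP/1.1" 200 1187 "-" "curl/7.68.0"
198.51.100.7 - - [22/Dec/2021:10:00:02 +0000] "GET /index.php?g=portal&m=Index&a=index HTTP/1.1" 200 40960 "-" "Mozilla/5.0"
203.0.113.5 - - [22/Dec/2021:10:00:03 +0000] "GET /index.php?g=g&m=door&a=index&content=%3C%3Fphp%20system(%27id%27)%3B%3F%3E HTTP/1.1" 200 73 "-" "python-requests/2.25.1"
"""


def parse_query(query: str) -> dict:
    """Split a raw query string on '&' only and percent-decode each pair.

    Done by hand instead of urllib.parse.parse_qs so that the ';' inside the
    payload (md5('ThinkCMF');) is never treated as a pair separator, which
    older Python versions do by default."""
    params = {}
    for pair in query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return params


def is_cve_2020_20601_probe(target: str) -> bool:
    """True when a request target matches the page's rule: /index.php with
    g=g, m=Door, a=index and a PHP open tag in the decoded `content` value."""
    parts = urlsplit(target)
    if parts.path.lower() != "/index.php":
        return False
    q = parse_query(parts.query)

    def first(name: str) -> str:
        return (q.get(name) or [""])[0]

    # Case-insensitive g/m/a comparison is a defensive assumption, not a router fact.
    if (first("g").lower(), first("m").lower(), first("a").lower()) != ("g", "door", "index"):
        return False
    return any(PHP_TAG_RE.search(v) for v in q.get("content", []))


@dataclass
class Hit:
    client: str
    timestamp: str
    status: int
    target: str
    content: str  # decoded payload, for the analyst


def scan_log(log_text: str) -> list:
    """Return one Hit per access-log line carrying the CVE-2020-20601 probe pattern."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_cve_2020_20601_probe(m["target"]):
            continue
        content = parse_query(urlsplit(m["target"]).query)["content"][0]
        hits.append(Hit(m["client"], m["ts"], int(m["status"]), m["target"], content))
    return hits


def probe_succeeded(response_body: str) -> bool:
    """True when a response body carries md5('ThinkCMF'), i.e. the injected PHP ran."""
    return PROBE_MARKER in response_body


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"{h.timestamp} {h.client} status={h.status} content={h.content!r}")
```

On the constructed sample the scanner flags the two requests from 203.0.113.5 (the md5 probe and a system('id') payload, the latter fully percent-encoded) and ignores the ordinary portal request; probe_succeeded() is meant to be run on the captured response body of a flagged request when one is available.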

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      9.8     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd         v2.0      7.5     HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck   -         9.8     CRITICAL