CVE-2020-20601
Published: 2021-12-22
CVE-2020-20601: An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.
Priority: P178 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 7.60% (93.8th percentile)
Affected
5 ranges (all vendor thinkcmf, product thinkcmf; the source populates no version bounds or fixed-in versions for any of them)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| thinkcmf | thinkcmf | — | — |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by monitoring GET requests to /index.php with query parameters g=g, m=Door, a=index, and a content parameter containing PHP code (e.g., <?php). Match on the URL-decoded query string: in an access log the payload appears as sent by the client, so the open tag is normally percent-encoded (%3C%3Fphp).
- A successful RCE probe returns HTTP 200 with the string d9b2c63a497e2f30c4ad9ad083a00691 (MD5 of 'ThinkCMF') in the response body, confirming arbitrary PHP code execution.
- The vulnerability affects ThinkCMF X2.2.2 and below; exploitation requires no authentication (PR:N, UI:N per CVSS).
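The indicator above turned into a small log scanner, as an added example that is not code from this page, from Nuclei, VulnCheck or the ThinkCMF project. It flags requests to /index.php whose query string carries g=g, m=Door, a=index and a content parameter with a PHP open tag, decoding twice so a double-encoded payload is not missed, and separately checks a response body for the marker string the page reports. The log lines are constructed, the short tag <?= is an assumption beyond the page's <?php, and the marker value is copied from the IOC rather than recomputed.

```python
"""Flag CVE-2020-20601 (ThinkCMF X2.2.2 RCE) probes in web access logs.

Added example; not code from this page, VulnCheck, Nuclei or the ThinkCMF
project. It implements the indicator described above: a request to
/index.php whose query string carries g=g, m=Door, a=index and a content
parameter containing PHP code. The log lines below are constructed.
"""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Combined log format request section, e.g. "GET /index.php?g=g HTTP/1.1" 200
_REQ = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"\s+(?P<status>\d{3})')

# Marker the page lists for a successful probe (MD5 of 'ThinkCMF' echoed
# back). Copied from the IOC above, not recomputed here.
PROBE_MARKER = "d9b2c63a497e2f30c4ad9ad083a00691"

# PHP open tags worth matching. The page names only "<?php"; "<?=" is an
# assumption (the short echo tag), added so a trivial variant is not missed.
PHP_OPEN_TAGS = ("<?php", "<?=")


def is_exploit_attempt(target: str) -> bool:
    """True when a request target has the CVE-2020-20601 probe shape."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("index.php"):
        return False
    qs = parse_qs(parts.query, keep_blank_values=True)

    def first(key):
        return qs.get(key, [""])[0]

    # Route selector exactly as the IOC states: g=g, m=Door, a=index.
    if (first("g"), first("m"), first("a")) != ("g", "Door", "index"):
        return False
    # parse_qs already decoded once; decode again so a double-encoded
    # payload (%253C%253Fphp...) is still seen as "<?php".
    content = unquote_plus(first("content")).lower()
    return any(tag in content for tag in PHP_OPEN_TAGS)


def scan_access_log(lines):
    """Return (request target, status) for each line that looks like a probe.

    The method is not filtered: the query string is logged whatever the
    method is, but a payload sent in a POST body is not, so that case needs
    request-body logging or a WAF rather than this parser.
    """
    hits = []
    for line in lines:
        match = _REQ.search(line)
        if match and is_exploit_attempt(match.group("target")):
            hits.append((match.group("target"), int(match.group("status"))))
    return hits


def confirms_execution(body: str) -> bool:
    """True when a response body carries the marker the probe echoes."""
    return PROBE_MARKER in body


# Constructed sample lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Dec/2021:10:01:02 +0000] "GET /index.php?g=g&m=Door&a=index'
    '&content=%3C%3Fphp%20echo%20md5%28%27ThinkCMF%27%29%3B%3F%3E HTTP/1.1" 200 512 "-" "curl/7.79"',
    '198.51.100.9 - - [22/Dec/2021:10:01:05 +0000] "GET /index.php?g=g&m=Door&a=index'
    '&content=hello HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [22/Dec/2021:10:01:07 +0000] "GET /index.php?g=portal&m=Index&a=index'
    ' HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Dec/2021:10:02:00 +0000] "GET /index.php?g=g&m=Door&a=index'
    '&content=%253C%253Fphp%2520phpinfo%2528%2529%253B%253F%253E HTTP/1.1" 200 640 "-" "curl/7.79"',
]

if __name__ == "__main__":
    for target, status in scan_access_log(SAMPLE_LOG):
        print(f"probe ({status}): {target}")
```

A 200 on a matching request only says the route answered; pair the log hit with the response body check (or a replay of the benign md5 probe against a staging copy) before calling it a confirmed compromise, and treat a hit on a production host as a trigger for reviewing webshell drops and outbound connections from the PHP worker.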
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | | 9.8 | CRITICAL | |
GHSA
GHSA-r2mp-8crc-chh7 (ghsa_unreviewed · 2021-12-24): CVE-2020-20601 [CRITICAL] · CWE-74
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.
VulnCheck
CVE-2020-20601 [CRITICAL] · vulncheck · 2020 · CVSS 9.8
thinkcmf thinkcmf: Improper Control of Generation of Code ('Code Injection')
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.
Affected: thinkcmf thinkcmf
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2020-20601
No detection rules found.
Nuclei
ThinkCMF X2.2.2 - Remote Code Execution
nuclei · CVSS 9.8 · CVE-2020-20601 [CRITICAL]
ThinkCMF X2.2.2 and below contain a remote code execution flaw triggered by processing crafted packets; an attacker who sends such packets can execute arbitrary code remotely.
Template:
```yaml
id: CVE-2020-20601

info:
  name: ThinkCMF X2.2.2 - Remote Code Execution
  author: pikpikcu
  severity: critical
  description: |
    ThinkCMF X2.2.2 and below contain a remote code execution caused by processing crafted packets, letting attackers execute arbitrary code remotely, exploit requires sending malicious packets.
  impact: |
    Unauthenticated attackers can execute arbitrary PHP code on ThinkCMF servers, leading to complete server compromise and access to all website data.
  remediation: |
    Upgrade to ThinkCMF version X2.2.3 or later.
  reference:
    - https://www
```
No writeups or analysis indexed.
Timeline: 2021-12-22 published · exploited in the wild