CVE-2020-8641
published 2020-02-05CVE-2020-8641: Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.
PriorityP261high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
10.81%
95.3th percentile
Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lotus_core_cms_project | lotus_core_cms | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Look for GET requests to index.php with a page_slug parameter containing directory traversal sequences (e.g., '../') and a null byte (%00) to truncate the .php extension. ↗
- →Exploitation requires authentication (PR:L). Monitor for authenticated sessions making traversal requests via the page_slug parameter. ↗
- →A successful exploitation response will return HTTP 200 and contain the string matching 'root:.*:0:0:' (passwd file content) in the body. ↗
- ·The null byte (%00) truncation technique is required to bypass the .php extension appended by the CMS; this only works on PHP versions where null byte poisoning is effective (typically PHP < 5.3.4). ↗
- ·Only .php files can be included via this LFI vector, limiting the scope of directly readable file types without null byte bypass. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Lotus Core CMS 1.0.1 - Local File Inclusion
nuclei·CVSS 8.8
CVE-2020-8641 [HIGH] Lotus Core CMS 1.0.1 - Local File Inclusion
Lotus Core CMS 1.0.1 - Local File Inclusion
Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php page_slug parameter.
Template:
id: CVE-2020-8641
info:
name: Lotus Core CMS 1.0.1 - Local File Inclusion
author: 0x_Akoko
severity: high
description: Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php page_slug parameter.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
remediation: |
Apply the latest security patch or update to Lotus Core CMS 1.0.1 to fix the LFI vulnerability.
reference:
- https://cxsecurity.com/issue/WLB-2020010234
No writeups or analysis indexed.
2020-02-05
Published