
Exploit for Gridx 1.3 - Remote Code Execution (CVE-2020-19625)

Description:

Gridx 1.3 is susceptible to remote code execution via tests/support/stores/test_grid_filter.php, which allows remote attackers to execute arbitrary code via crafted values submitted to the $query parameter.

Nuclei Template

View the template here: CVE-2020-19625.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-19625.yaml

References:

https://github.com/Elsfa7-110/kenzer-templates
https://github.com/oria/gridx/issues/433
http://mayoterry.com/file/cve/Remote_Code_Execution_Vulnerability_in_gridx_latest_version.pdf
https://nvd.nist.gov/vuln/detail/CVE-2020-19625
https://github.com/ARPSyndicate/kenzer-templates