Exploit for LionWiki <3.2.12 - Local File Inclusion (CVE-2020-27191)

Description:

LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted strings in the index.php f1 variable, aka local file inclusion.

Nuclei Template

View the template here: CVE-2020-27191.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-27191.yaml

References:

http://lionwiki.0o.cz/index.php?page=Main+page
https://www.junebug.site/blog/cve-2020-27191-lionwiki-3-2-11-lfi
https://nvd.nist.gov/vuln/detail/CVE-2020-27191
https://github.com/ARPSyndicate/kenzer-templates