.. / CVE-2020-7209

Exploit for LinuxKI Toolset <= 6.01 - Remote Command Execution (CVE-2020-7209)

Description:

LinuxKI v6.0-1 and earlier are vulnerable to remote code execution.

Nuclei Template

View the template here CVE-2020-7209.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-7209.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-7209
http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html
http://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html
https://www.hpe.com/us/en/home.html
https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2
https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78