Exploit for Ruby on Rails <5.0.1 - Remote Code Execution (CVE-2020-8163)

Description:

Ruby on Rails before version 5.0.1 is susceptible to remote code execution because it passes user parameters as local variables into partials.

Nuclei Template

View the template here: CVE-2020-8163.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-8163.yaml

References:

https://hackerone.com/reports/304805
https://nvd.nist.gov/vuln/detail/CVE-2020-8163
https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0