CVE-2020-13167

CRITICAL EXPLOITED NUCLEI

Netsweeper <6.4.3 - RCE

Title source: llm

Description

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.

Exploits (1)

metasploit WORKING POC EXCELLENT

by wvu · rubypocpython

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/netsweeper_webadmin_unixlogin.rb

View Code ZIP pw:eip

Nuclei Templates (1)

Netsweeper <=6.4.3 - Python Code Injection

CRITICALby dwisiswant0

References (1)

[Exploit, Third Party Advisory] https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/

Scores

CVSS v3 9.8

EPSS 0.9279

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-12-11

CWE

CWE-78

Status published

Products (1)

netsweeper/netsweeper < 6.4.3

Published May 19, 2020

Tracked Since Feb 18, 2026