CVE-2020-15227

HIGH EXPLOITED NUCLEI

Nette <2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 - Code Injection

Title source: llm

Description

Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to a code injection attack: passing specially formed parameters in the URL may possibly lead to RCE. Nette is a PHP/Composer MVC Framework.

Exploits (3)

nomisec WORKING POC 20 stars
by hu4wufu · remote
https://github.com/hu4wufu/CVE-2020-15227
nomisec WORKING POC 1 star
by filipsedivy · remote
https://github.com/filipsedivy/CVE-2020-15227
nomisec WORKING POC 1 star
by Langriklol · remote
https://github.com/Langriklol/CVE-2020-15227

Nuclei Templates (1)

Nette Framework - Remote Code Execution
CRITICAL VERIFIED by becivells
FOFA: app="nette-Framework" || app="nette-framework"

Scores

CVSS v3 8.7
EPSS 0.9379
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Details

VulnCheck KEV 2020-10-12
CWE CWE-74 CWE-94
Status published
Products (3)
debian/debian_linux 9.0
nette/application 2.0.0 - 2.0.19
nette/application 2.2.0 - 2.2.10 Packagist
Published Oct 01, 2020
Tracked Since Feb 18, 2026