CVE-2020-20601
CRITICAL EXPLOITED NUCLEIThinkcmf - Code Injection
Title source: ruleDescription
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.
Nuclei Templates (1)
ThinkCMF X2.2.2 - Remote Code Execution
CRITICALVERIFIEDby pikpikcu
Scores
CVSS v3
9.8
EPSS
0.5771
EPSS Percentile
98.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2025-11-05
CWE
CWE-94
Status
published
Products (5)
thinkcmf/thinkcmf
x1.6.0
thinkcmf/thinkcmf
x2.1.0
thinkcmf/thinkcmf
x2.2.0
thinkcmf/thinkcmf
x2.2.1
thinkcmf/thinkcmf
x2.2.2
Published
Dec 22, 2021
Tracked Since
Feb 18, 2026