CVE-2020-20601
CRITICAL EXPLOITED NUCLEIThinkCMF X2.2.2 and below - Remote Code Execution via Crafted Packet
Title source: llmExploitation Summary
CVE-2020-20601 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.
Nuclei Templates (1)
ThinkCMF X2.2.2 - Remote Code Execution
CRITICALVERIFIEDby pikpikcu
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://blog.riskivy.com/thinkcmf-%e6%a1%86%e6%9e%b6%e4%b8%8a%e7%9a%84%e4%bb%bb%e6%84%8f%e5%86%85%e5%ae%b9%e5%8c%85%e5%90%ab%e6%bc%8f%e6%b4%9e/
Scores
CVSS v3
9.8
EPSS
0.0760
EPSS Percentile
93.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2025-11-05
CWE
CWE-94
Status
published
Products (5)
thinkcmf/thinkcmf
x1.6.0
thinkcmf/thinkcmf
x2.1.0
thinkcmf/thinkcmf
x2.2.0
thinkcmf/thinkcmf
x2.2.1
thinkcmf/thinkcmf
x2.2.2
Published
Dec 22, 2021
Tracked Since
Feb 18, 2026