CVE-2020-27191
HIGH NUCLEILionWiki < 3.2.12 - Unauthenticated Local File Inclusion via index.php f1 Variable
Title source: llmExploitation Summary
CVE-2020-27191 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Nuclei Templates (1)
LionWiki <3.2.12 - Local File Inclusion
HIGHby 0x_Akoko
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
http://lionwiki.0o.cz/index.php?page=Main+page
Exploit, Third Party Advisory x_refsource_misc
https://www.junebug.site/blog/cve-2020-27191-lionwiki-3-2-11-lfi
Scores
CVSS v3
7.5
EPSS
0.0836
EPSS Percentile
94.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (1)
lionwiki/lionwiki
< 3.2.12
Published
Nov 16, 2020
Tracked Since
Feb 18, 2026