CVE-2020-28871

CRITICAL IN THE WILD NUCLEI

Monitorr - Unrestricted File Upload

Title source: rule

Description

Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Lyhin\'s Lab · pythonwebappsphp
https://www.exploit-db.com/exploits/48980
metasploit WORKING POC EXCELLENT
rubypocphp
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/monitorr_webshell_rce_cve_2020_28871.rb

Nuclei Templates (1)

Monitorr 1.7.6m - Unauthenticated Remote Code Execution
CRITICALby gy741
Shodan: http.favicon.hash:"-211006074"
FOFA: icon_hash="-211006074"

References (5)

Scores

CVSS v3 9.8
EPSS 0.9392
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

InTheWild.io 2021-04-18
CWE
CWE-434
Status published
Products (1)
monitorr/monitorr 1.7.6m
Published Feb 10, 2021
Tracked Since Feb 18, 2026