CVE-2020-7980

CRITICAL EXPLOITED NUCLEI

Intellian Aptus Web <1.24 - RCE

Title source: llm

Description

Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.

Exploits (2)

exploitdb WORKING POC

by Xh4H · pythonwebappshardware

https://www.exploit-db.com/exploits/47976

View Code ZIP pw:eip

nomisec WORKING POC 73 stars

by Xh4H · remote

https://github.com/Xh4H/Satellian-CVE-2020-7980

View Code ZIP pw:eip

Nuclei Templates (1)

Satellian Intellian Aptus Web <= 1.24 - Remote Command Execution

CRITICALby ritikchaddha

Shodan: http.title:"Intellian Aptus Web" || http.title:"intellian aptus web"

FOFA: title="intellian aptus web"

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/156143/Satellian-1.12-Remote-Code-Execution.html

[Exploit, Third Party Advisory] https://github.com/Xh4H/Satellian-CVE-2020-7980

[Exploit, Third Party Advisory] https://sku11army.blogspot.com/2020/01/intellian-aptus-web-rce-intellian.html

Scores

CVSS v3 9.8

EPSS 0.9384

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-11-15

CWE

CWE-78

Status published

Products (1)

intelliantech/aptus_web 1.24

Published Jan 25, 2020

Tracked Since Feb 18, 2026