CVE-2020-27191
CVE-2020-27191
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 8.4%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
16 Nov 2020Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Affected products
n/a · n/a