← back
CVE-2020-27191

CVE-2020-27191

EPSS 8.4%
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 8.4%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
16 Nov 2020Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Affected products
n/a · n/a