CVE-2020-7980

Description

Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.

NVD
Severity: CRITICAL
CVE ID: CVE-2020-7980
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2020-7980

Refrence: Project Discovery GitHub

Xh4H

PoC script that shows RCE vulnerability over Intellian Satellite controller

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept