CVE-2020-11890: Improper input validations in the usergroup table class could lead to a broken ACL configuration to RCE

HoangKien1020/CVE-2020-11890
Made by HK

Link

https://developer.joomla.org/security-centre/810-20200402-core-missing-checks-for-the-root-usergroup-in-usergroup-table.html

PoC

Affected version: Joomla core before 3.9.17

User requirement: Administrator account (not Super User)

Gain access: Create a new Super User, then trigger RCE.

Remote Code Execution (RCE) in Joomla

Run cve202011890.py with your credentials, then open the RCE link:

Setting up a vulnerable test instance with Docker:

Step 1: pull the image

docker pull hoangkien1020/joomla:3.9.16

Step 2: start the container

docker run -d --rm -it -p 8080:80 hoangkien1020/joomla:3.9.16

Step 3: open your domain/IP on port 8080:

Accounts inside this image (username:password):

MySQL: root:root (reachable via IP:8080/phpmyadmin)

superadmin:1234 (Super Users)

admin:1234 (Administrator)

hacker:1234 (Manager)
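Because the bug lets an Administrator tamper with the usergroup tree (the advisory's "missing checks for the root usergroup") and end up with a new Super User, a defender checking an instance for exposure would look for exactly those artifacts in the database. The script below is an added example, not part of this repository: it builds a constructed SQLite replica of the relevant Joomla tables, seeded with the Docker image's accounts plus two planted anomalies, and runs three audit checks. The table layout, the `jos_` prefix and the default group ids (1 = Public root, 8 = Super Users) are assumptions about a stock Joomla schema.

```python
"""Audit Joomla user/group tables for the artifacts CVE-2020-11890 leaves behind.
Added example; table layout, prefix and group ids are assumed Joomla defaults."""
import sqlite3

PREFIX = "jos_"            # assumed table prefix; real installs often randomise it
ROOT_GROUP_ID = 1          # "Public": the only group allowed to have parent_id = 0
SUPER_USERS_GROUP_ID = 8   # default id of the Super Users group

# Constructed replica of the three relevant tables: the image's three accounts,
# plus a rogue second root group, a mis-nested group and an unknown Super User.
SEED_SQL = f"""
CREATE TABLE {PREFIX}usergroups(id INT, parent_id INT, lft INT, rgt INT, title TEXT);
CREATE TABLE {PREFIX}users(id INT, username TEXT, registerDate TEXT);
CREATE TABLE {PREFIX}user_usergroup_map(user_id INT, group_id INT);
INSERT INTO {PREFIX}usergroups VALUES
 (1,0,1,18,'Public'),(6,1,2,5,'Manager'),(7,6,3,4,'Administrator'),
 (8,1,6,7,'Super Users'),
 (9,0,20,21,'Shadow Admins'),   -- second root: escaped the ACL tree
 (10,7,1,19,'Overreach');       -- child interval not inside its parent's
INSERT INTO {PREFIX}users VALUES
 (42,'superadmin','2020-01-01 00:00:00'),(43,'admin','2020-01-01 00:00:00'),
 (44,'hacker','2020-01-01 00:00:00'),(45,'backdoor','2020-04-01 12:00:00');
INSERT INTO {PREFIX}user_usergroup_map VALUES (42,8),(43,7),(44,6),(45,8),(45,9);
"""

def audit(conn, known_super_users):
    """Return a dict of findings; empty lists mean nothing suspicious."""
    cur = conn.cursor()
    # 1. Only the Public group may sit at the root of the usergroup tree.
    cur.execute(f"SELECT id, title FROM {PREFIX}usergroups "
                f"WHERE parent_id = 0 AND id != ?", (ROOT_GROUP_ID,))
    extra_roots = cur.fetchall()
    # 2. Every Super Users member must be on the operator's allow-list.
    cur.execute(f"SELECT u.username, u.registerDate FROM {PREFIX}users u "
                f"JOIN {PREFIX}user_usergroup_map m ON m.user_id = u.id "
                f"WHERE m.group_id = ?", (SUPER_USERS_GROUP_ID,))
    unknown = [(n, d) for n, d in cur.fetchall() if n not in known_super_users]
    # 3. Nested-set integrity: a child's lft/rgt must lie strictly inside its
    #    parent's interval, otherwise permission inheritance is undefined.
    cur.execute(f"SELECT c.id, c.title FROM {PREFIX}usergroups c "
                f"JOIN {PREFIX}usergroups p ON p.id = c.parent_id "
                f"WHERE NOT (c.lft > p.lft AND c.rgt < p.rgt)")
    return {"extra_roots": extra_roots, "unknown_super_users": unknown,
            "bad_nesting": cur.fetchall()}

def demo():
    """Run the audit against the constructed in-memory replica."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SEED_SQL)
    return audit(conn, known_super_users={"superadmin"})
```

Against a live site, replace the in-memory connection with one to the real MySQL database (read-only credentials suffice) and keep the allow-list in sync with who is actually meant to hold Super User.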
