
CVE-2020-11890: Improper input validation in the usergroup table class could lead to a broken ACL configuration and, from there, to RCE


akarealemil/CVE-2020-11890

 
 


CVE-2020-11890

Improper input validation in the usergroup table class could lead to a broken ACL configuration and, from there, to RCE.

This exploit escalates to Super Admin by creating a new account.

Link

https://developer.joomla.org/security-centre/810-20200402-core-missing-checks-for-the-root-usergroup-in-usergroup-table.html

PoC

User Requirements

  • A standard Admin account; not a Superadmin account.

Affected Versions

Joomla Core before version 3.9.17

Gain access: Create a new Superadmin, then trigger RCE.

Remote Code Execution (RCE) in Joomla

Run cve202011890.py with your credentials, then access the RCE link.

Original code by: https://github.com/HoangKien1020/CVE-2020-11890

Forked by Emil
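The linked advisory concerns missing checks for the root usergroup, which can leave the ACL group tree in a broken state. As an added defensive example (not code from this repository or from Joomla), the audit below checks exported group rows for exactly one root, existing parents, and parent chains that end at the root. The (id, parent_id, title) row layout, the name audit_usergroups and the sample rows are assumptions made for illustration.

```python
# Added example (not from the repository): audit a Joomla user group tree.
# Assumption: rows are (id, parent_id, title) tuples exported from the site's
# usergroups table, and the root group is the only row with parent_id 0.

def audit_usergroups(rows):
    """Return (group_id, problem) findings; an empty list means a sane tree."""
    parents = {gid: pid for gid, pid, _title in rows}
    findings = []
    roots = sorted(gid for gid, pid in parents.items() if pid == 0)
    if len(roots) != 1:
        findings.append((None, "expected exactly one root group, found %d" % len(roots)))
    for gid, pid in parents.items():
        if pid == gid:
            findings.append((gid, "group is its own parent"))
        elif pid != 0 and pid not in parents:
            findings.append((gid, "parent %d does not exist" % pid))
        else:
            # Follow parent links; a healthy chain ends at parent_id 0.
            seen, cur = {gid}, pid
            while cur != 0 and cur in parents:
                if cur in seen:
                    findings.append((gid, "parent chain never reaches the root"))
                    break
                seen.add(cur)
                cur = parents[cur]
    return findings

# Constructed sample: a consistent group tree.
HEALTHY = [(1, 0, "Public"), (2, 1, "Registered"), (3, 2, "Author"),
           (4, 3, "Editor"), (5, 4, "Publisher"), (6, 1, "Manager"),
           (7, 6, "Administrator"), (8, 1, "Super Users"), (9, 1, "Guest")]
# Constructed sample: a second root row and a parent id that does not exist.
BROKEN = HEALTHY[:7] + [(8, 0, "Super Users"), (9, 42, "Guest")]

if __name__ == "__main__":
    for name, rows in (("healthy", HEALTHY), ("broken", BROKEN)):
        print(name, audit_usergroups(rows) or "OK")
```

Any finding on a production site is a reason to review recent group and Super Admin changes and to confirm the site runs 3.9.17 or later.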
