CVE-2020-0618

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft...

Basic Information

CVE State: PUBLISHED
Reserved Date: November 04, 2019
Published Date: February 11, 2020
Last Updated: September 21, 2024
Vendor: Microsoft
Product: Microsoft SQL Server, Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR), Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU), Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR), Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR), Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)
Description: A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.

Source	Added Date
CISA	2024-09-18 00:00:00 UTC

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/ssrs_navcorrector_viewstate.rb	2025-04-29 11:01:39 UTC
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-0618.yaml	2025-04-26 00:00:00 UTC

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

Type: metasploit • Created: Unknown

Metasploit module for CVE-2020-0618

Type: github • Created: 2022-05-13 08:58:16 UTC • Stars: 2

Melissa

Type: github • Created: 2020-02-15 06:40:23 UTC • Stars: 199

SQL Server Reporting Services(CVE-2020-0618)中的RCE