KEVIntel

CVE-2020-15227

PUBLISHED

Remote Code Execution vulnerability

PoC available · Remote · No user interaction

Vendor: nette
Product: application
Published: Oct 01, 2020

Description

Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack: passing specially formed parameters in the URL may lead to RCE. Nette is a PHP/Composer MVC framework.

nuclei_scanner

Weaknesses (CWE)

  • Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS scores

CVSS v3.1 8.7 High

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Exploitation status

Proof of concept available

Recorded 2020-10-10 02:38:15 UTC · GitHub

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
The Shadowserver (via CIRCL) First 2025-07-11 00:00 UTC

Scanner integrations

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

filipsedivy/CVE-2020-15227

github · Created 2020-11-15 15:30:01 UTC · 1 star

CVE-2020-15227 checker

hu4wufu/CVE-2020-15227

github · Created 2020-10-10 02:38:15 UTC · 20 stars

CVE-2020-15227 exploit

Langriklol/CVE-2020-15227

github · Created 2020-10-09 13:13:14 UTC · 1 star

CVE-2020-15227 exploit

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Added to KEVIntel