Back to KEVs

CVE-2020-15227

Remote Code Execution vulnerability

Basic Information

CVE State
PUBLISHED
Reserved Date
June 25, 2020
Published Date
October 01, 2020
Last Updated
August 04, 2024
Vendor
nette
Product
application
Description
Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.
Tags
php nuclei_scanner

CVSS Scores

CVSS v3.1

8.7 - HIGH

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Score

Score
93.79% (Percentile: 99.85%) as of 2025-07-29

Exploit Status

Exploited in the Wild
Yes (2025-07-11 00:00:00 UTC) Source

References

https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94 https://packagist.org/packages/nette/application https://packagist.org/packages/nette/nette https://lists.debian.org/debian-lts-announce/2021/04/msg00003.html

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-07-12 12:00:33 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-15227.yaml 2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

filipsedivy/CVE-2020-15227

Type: github • Created: 2020-11-15 15:30:01 UTC • Stars: 1

CVE-2020-15227 checker

hu4wufu/CVE-2020-15227

Type: github • Created: 2020-10-10 02:38:15 UTC • Stars: 20

CVE-2020-15227 exploit

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nuclei

  • Added to KEVIntel