{"vulnerability": "CVE-2020-0646", "sightings": [{"uuid": "6d5750fe-5dae-4e35-b822-0daadbb179fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0646", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "d0ef5a6f-58c0-49dc-acce-fc87c589677c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0646", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:19.000000Z"}, {"uuid": "815ceadc-c2ab-4c41-8b81-6647286f4a6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0646", "type": "exploited", "source": "https://www.exploit-db.com/exploits/48275", "content": "", "creation_timestamp": "2020-03-31T00:00:00.000000Z"}, {"uuid": "20a33c67-048b-4388-a253-ab8df80ec913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0646", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2970978", "content": "", "creation_timestamp": "2024-12-24T20:22:35.064760Z"}, {"uuid": "b974c4e0-6371-477b-bba5-08ddabec1b1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0646", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "724ca81d-0a4f-4be4-b77d-a8549a7d1b3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0646", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:44.000000Z"}, {"uuid": "ea8eaab6-965f-469b-944d-055f39f619ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0646", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:20.000000Z"}, {"uuid": "7e0a4f57-231d-4421-8c55-c7a564272cc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0646", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/sharepoint_workflows_xoml.rb", "content": "", "creation_timestamp": "2020-03-25T16:34:46.000000Z"}, {"uuid": "a840917d-3e0b-4439-a567-f3d17f437329", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0646", "type": "seen", "source": "MISP/1413a78e-c0b3-4092-97e7-909fb9773448", "content": "", "creation_timestamp": "2025-08-06T13:54:20.000000Z"}, {"uuid": "1393c39e-275b-4477-a644-13b5a89ebdbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2020-0646", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/342659ae-0139-40e8-8b19-827238116dc9", "content": "", "creation_timestamp": "2026-02-02T12:28:57.224052Z"}, {"uuid": "b601e271-9199-49ab-bc98-246a088fe289", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0646", "type": "seen", "source": "MISP/1413a78e-c0b3-4092-97e7-909fb9773448", "content": "", "creation_timestamp": "2025-08-14T11:44:24.000000Z"}, {"uuid": "001e506a-2234-4d53-9cb2-6fa7bad3e85c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0646", "type": "seen", "source": "https://t.me/arpsyndicate/1879", "content": "#ExploitObserverAlert\n\nCVE-2020-0646\n\nDESCRIPTION: Exploit Observer has 22 entries related to CVE-2020-0646. A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.\n\nFIRST-EPSS: 0.975210000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-18T01:14:15.000000Z"}, {"uuid": "af397e30-31b1-417e-a14c-7f7675bbf863", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0646", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/862", "content": "#exploit\n1. CVE-2020-8515:\nDrayTek Vigor 2960 1.3.1, 3900 1.4.4, Vigor 300B 1.3.3, 1.4.2, 1.4.4 devices allow RCE as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI\nhttps://blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en\n\n2. CVE-2020-0646:\nSharePoint Workflows XOML Injection\nhttps://www.mdsec.co.uk/2020/01/code-injection-in-workflows-leading-to-sharepoint-rce-cve-2020-0646/?fbclid=IwAR0b4QZxdQKVYN-ES62rdt9yN5MMzfgpK7DkdkbIq44Flm-ODiuqzeIglUQ\n]-> PoC: https://packetstormsecurity.com/files/156930/sharepoint_workflows_xoml.rb.txt", "creation_timestamp": "2024-10-18T16:27:37.000000Z"}, {"uuid": "e5c02a6a-c3ce-4a86-a47b-b1c94707bead", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0646", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/18", "content": "CVE-2020-0646 SharePoint RCE\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2020-0646_SharePoint_RCE%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-09-21T06:42:55.000000Z"}]}