{"vulnerability": "CVE-2020-16952", "sightings": [{"uuid": "ee23ea99-6193-4a4e-813f-cc1b4acd2c63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16952", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:25.000000Z"}, {"uuid": "da01ed26-c69c-4bc9-84cd-14c357cff426", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16952", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "81a3021a-2ddc-447b-837e-28894c45b550", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16952", "type": "published-proof-of-concept", "source": "https://t.me/cKure/2560", "content": "\u25a0\u25a0\u25a1\u25a1\u25a1 UK NCSC recommends organizations to fix CVE-2020-16952 SharePoint RCE flaw ASAP.\n\nhttps://securityaffairs.co/wordpress/109609/security/ncsc-cve-2020-16952-sharepoint-rce.html", "creation_timestamp": "2020-10-17T16:09:38.000000Z"}, {"uuid": "226d1905-9883-4404-a5d3-45594730069e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16952", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/sharepoint_ssi_viewstate.rb", "content": "", "creation_timestamp": "2020-10-19T14:32:14.000000Z"}, {"uuid": "0e9a556b-f113-4546-99fa-4cf2ceb0fc7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16952", "type": "seen", "source": "https://t.me/BleepingComputer/8342", "content": "UK urges orgs to patch severe CVE-2020-16952 SharePoint RCE bug\n\nThe U.K. National Cyber Security Centre (NCSC) today issued an alert highlighting the risks behind the recently addressed CVE2020-16952 remote code execution (RCE) vulnerability in\u00a0Microsoft SharePoint Server. [...]\n\nhttps://www.bleepingcomputer.com/news/security/uk-urges-orgs-to-patch-severe-cve-2020-16952-sharepoint-rce-bug/", "creation_timestamp": "2020-10-16T19:37:24.000000Z"}, {"uuid": "63069939-1b9f-4ca0-ae3c-92d551300c41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16952", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/1913", "content": "#Red_Team_Tactics\n1. Code execution via the Windows Update client (wuauclt)\nhttps://dtm.uk/wuauclt\n2. PoC for MS SharePoint Server 2019 DataFormWebPart CreateChildControls Server-Side Include RCE Vulnerability (CVE-2020-16952)\nhttps://srcincite.io/pocs/cve-2020-16952.py.txt\n3. Exploiting CVE-2020-25213 - wp-file-manager wordpress plugin (<6.9) for unauthenticated arbitrary file upload\nhttps://medium.com/@mansoorr/exploiting-cve-2020-25213-wp-file-manager-wordpress-plugin-6-9-3f79241f0cd8\nPoC:\ncurl -ks --max-time 5 -F \"reqid=17457a1fe6959\" -F \"cmd=upload\" -F \"target=l1_Lw\" -F \"mtime[]=1576045135\" -F \"upload[]=@/$file_upload\" \"hxxps://victim.com/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php\"\nhttps://github.com/mansoorr123/wp-file-manager-CVE-2020-25213", "creation_timestamp": "2020-12-29T14:05:21.000000Z"}]}