diff --git a/.appsec-tests/vpatch-CVE-2020-5847/CVE-2020-5847.yaml b/.appsec-tests/vpatch-CVE-2020-5847/CVE-2020-5847.yaml
new file mode 100644
index 00000000000..765a7521948
--- /dev/null
+++ b/.appsec-tests/vpatch-CVE-2020-5847/CVE-2020-5847.yaml
@@ -0,0 +1,17 @@
+## autogenerated on 2026-04-08 13:19:24
+id: CVE-2020-5847
+info:
+ name: CVE-2020-5847
+ author: crowdsec
+ severity: info
+ description: CVE-2020-5847 testing
+ tags: appsec-testing
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/webGui/images/green-on.png/?path=x&site[x][text]=%3C?php%20echo%20md5(%22CVE-2020-5847%22);%20?%3E"
+ cookie-reuse: true
+ matchers:
+ - type: status
+ status:
+ - 403
diff --git a/.appsec-tests/vpatch-CVE-2020-5847/config.yaml b/.appsec-tests/vpatch-CVE-2020-5847/config.yaml
new file mode 100644
index 00000000000..b2219636aa3
--- /dev/null
+++ b/.appsec-tests/vpatch-CVE-2020-5847/config.yaml
@@ -0,0 +1,5 @@
+## autogenerated on 2026-04-08 13:19:24
+appsec-rules:
+ - ./appsec-rules/crowdsecurity/base-config.yaml
+ - ./appsec-rules/crowdsecurity/vpatch-CVE-2020-5847.yaml
+nuclei_template: CVE-2020-5847.yaml
diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2020-5847.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2020-5847.yaml
new file mode 100644
index 00000000000..a51e895a994
--- /dev/null
+++ b/appsec-rules/crowdsecurity/vpatch-CVE-2020-5847.yaml
@@ -0,0 +1,35 @@
+## autogenerated on 2026-04-08 13:19:24
+name: crowdsecurity/vpatch-CVE-2020-5847
+description: 'Detects UnRaid <=6.80 remote code execution via crafted site[x][text] parameter in green-on.png endpoint.'
+rules:
+ - and:
+ - zones:
+ - URI
+ transform:
+ - lowercase
+ - urldecode
+ match:
+ type: contains
+ value: '/webgui/images/green-on.png'
+ - zones:
+ - ARGS
+ variables:
+ - 'site[x][text]'
+ transform:
+ - lowercase
+ - urldecode
+ match:
+ type: contains
+ value: '
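Review bot: The only `path` entry in .appsec-tests/vpatch-CVE-2020-5847/CVE-2020-5847.yaml sends the literal parameter name `site[x][text]`, which is the same string the new rule pins under `variables` in appsec-rules/crowdsecurity/vpatch-CVE-2020-5847.yaml. A 403 here therefore confirms the rule matches its own sample, but says nothing about whether the virtual patch covers other spellings of that parameter. Whether the application fixes the middle key is not visible from this diff; if it does not, the test should say so, for example with a comment above the path such as `# exercises only the literal key 'x'; the rule matches ARGS name 'site[x][text]' exactly`, and the rule's `variables` entry should be reviewed for the same reason. Separately, `cookie-reuse: true` has no effect in a template that issues a single request and could be dropped.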