Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:15 p.m.15 views

CVE-2020-13166

The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded the same for all customers' installations in web.config, and can be used to send serialized ASP code...

9.8CVSS7.9AI score0.77635EPSS
Exploits5
0day.today
0day.today
added 2020/05/26 12:0 a.m.129 views

Plesk/myLittleAdmin - ViewState .NET Deserialization Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule VIEWSTATEGENERATOR = 'CA0B0334'.freeze VIEWSTATEVALIDATIONKEY = "\x5c\x7e\xef\x66\x50\x63\x9d\x2c\xb8\xfa\xa0\xda\x36\xaf\x24\x45\x2d\xcf" ...

9.8CVSS0.7AI score0.77635EPSS
Exploits5
Circl
Circl
added 2020/05/22 4:3 p.m.32 views

CVE-2020-13166

creationtimestamp| type| source ---|---|--- 2020-05-22 16:03:00+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/pleskmylittleadminviewstate.rb 2020-05-25 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/48513 2022-12-09...

9.8CVSS8.4AI score0.77635EPSS
Exploits5References3
Packet Storm
Packet Storm
added 2020/05/22 12:0 a.m.365 views

Plesk / myLittleAdmin ViewState .NET Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule VIEWSTATEGENERATOR = 'CA0B0334'.freeze VIEWSTATEVALIDATIONKEY = "\x5c\x7e\xef\x66\x50\x63\x9d\x2c\xb8\xfa\xa0\xda\x36\xaf\x24\x45\x2d\xcf" ...

7.5CVSS0.6AI score0.77635EPSS
Exploits5
OSV
OSV
added 2020/05/19 8:15 p.m.2 views

CVE-2020-13166

The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded the same for all customers' installations in web.config, and can be used to send serialized ASP code...

9.8CVSS6.1AI score0.77635EPSS
Exploits5References2
CVE
CVE
added 2020/05/19 7:29 p.m.228 views

CVE-2020-13166

CVE-2020-13166 affects MyLittleAdmin 3.8 and earlier when the web.config contains a hardcoded machineKey shared among installations. This enables unauthenticated remote code execution via serialized ASP.NET code through the ViewState/ deserialization pathway. Public references describe an in-brow...

9.8CVSS9.8AI score0.77635EPSS
Exploits5References2Affected Software1
Rows per page
Query Builder