### [CVE-2020-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10148)
![](https://img.shields.io/static/v1?label=Product&message=Orion%20Platform&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2019.4%20HF%205%3D%202019.4%20HF%205%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen)

### Description

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/0ps/pocassistdb
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/B1anda0/CVE-2020-10148
- https://github.com/EdgeSecurityTeam/Vulnerability
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/Hatcat123/my_stars
- https://github.com/HimmelAward/Goby_POC
- https://github.com/Live-Hack-CVE/CVE-2020-10148
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/SexyBeast233/SecBooks
- https://github.com/The-Cracker-Technology/jaeles
- https://github.com/Udyz/CVE-2020-10148-Solarwinds-Orion
- https://github.com/XRSec/AWVS14-Update
- https://github.com/Z0fhack/Goby_POC
- https://github.com/alphaSeclab/sec-daily-2020
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/jaeles-project/jaeles
- https://github.com/jaeles-project/jaeles-signatures
- https://github.com/jweny/pocassistdb
- https://github.com/merlinepedra/nuclei-templates
- https://github.com/merlinepedra25/nuclei-templates
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/rdoix/CVE-2020-10148-Solarwinds-Orion
- https://github.com/sobinge/nuclei-templates
- https://github.com/soosmile/POC
- https://github.com/tzwlhack/Vulnerability
- https://github.com/webexplo1t/Jaeles