daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update and rename longjing-technology-bems-api-lfi.yaml to bems-api-lfi.yaml

patch-1
Prince Chaddha 2021-08-03 19:55:25 +05:30 committed by GitHub
parent 5fb6332bd9
commit 28d568b88c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
vulnerabilities/other/longjing-technology-bems-api-lfi.yaml → vulnerabilities/other/bems-api-lfi.yaml
View File

@ -1,4 +1,4 @@
id: longjing-technology-bems-api-lfi
id: bems-api-lfi
info:
name: Longjing Technology BEMS API 1.21 - Remote Arbitrary File Download
@ -6,7 +6,7 @@ info:
severity: high
description: The application suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.
reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5657.php
tags: longjing-technology-bems-api,lfi
tags: lfi
requests:
- method: GET