daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2019-12276.yaml

patch-1
Prince Chaddha 2022-06-20 23:02:16 +05:30 committed by GitHub
parent 505c2c0e4a
commit 8ea5ef71a4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cves/2019/CVE-2019-12276.yaml
View File

@ -4,8 +4,10 @@ info:
name: GrandNode 4.40 - Local File Inclusion
author: daffainfo
severity: high
description: GrandNode 4.40 is susceptible to local file inclusion in Controllers/LetsEncryptController.cs, which allows remote unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests.
remediation: A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
description: |
GrandNode 4.40 is susceptible to local file inclusion in Controllers/LetsEncryptController.cs, which allows remote unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests.
remediation: |
A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
reference:
- https://security401.com/grandnode-path-traversal/
- https://grandnode.com
@ -16,7 +18,7 @@ info:
cvss-score: 7.5
cve-id: CVE-2019-12276
cwe-id: CWE-22
tags: cve,cve2019,lfi
tags: cve,cve2019,lfi,grandnode
requests:
- method: GET