Update and rename CVE-2018-14918.yaml to cves/2018/CVE-2018-14918.yaml
parent
5f3650aa5b
commit
d4178bbc14
|
@ -4,7 +4,8 @@ info:
|
||||||
name: LOYTEC LGATE-902 6.3.2 - Directory Traversal
|
name: LOYTEC LGATE-902 6.3.2 - Directory Traversal
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: The path traversal (CVE-2018-14918) and file deletion (CVE-2018-14916) vulnerabilities allow an attacker to manipulate path references and access or delete files and directories (including critical system files) that are stored outside the root folder of the web application running on the device. This can be used to read or delete system and configuration files containing, e.g., usernames and passwords.
|
description: |
|
||||||
|
The path traversal (CVE-2018-14918) allow an attacker to manipulate path references and access files and directories (including critical system files) that are stored outside the root folder of the web application running on the device. This can be used to read and configuration files containing, e.g., usernames and passwords.
|
||||||
reference:
|
reference:
|
||||||
- https://seclists.org/fulldisclosure/2019/Apr/12
|
- https://seclists.org/fulldisclosure/2019/Apr/12
|
||||||
- https://www.cvedetails.com/cve/CVE-2018-14918/
|
- https://www.cvedetails.com/cve/CVE-2018-14918/
|
||||||
|
@ -13,7 +14,10 @@ info:
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
cve-id: CVE-2018-14918
|
cve-id: CVE-2018-14918
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
tags: lgate,cve2018,loytec,lfi,cve
|
metadata:
|
||||||
|
verified: true
|
||||||
|
shodan-query: http.html:"LGATE-902"
|
||||||
|
tags: cve,cve2018,lgate,loytec,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
@ -22,6 +26,10 @@ requests:
|
||||||
|
|
||||||
matchers:
|
matchers:
|
||||||
- type: regex
|
- type: regex
|
||||||
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- "root:.*:0:0:"
|
- "root:.*:0:0:"
|
||||||
part: body
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
Loading…
Reference in New Issue