Exploit for Path Traversal in Totvs Fluig

2021-02-11T13:44:40

Description

# Totvs Fluig Platform Fluig is the productivity and ...

{"id": "A164D41E-15FB-5227-821A-1A598CA210F5", "vendorId": null, "type": "githubexploit", "bulletinFamily": "exploit", "title": "Exploit for Path Traversal in Totvs Fluig", "description": "# Totvs Fluig Platform\n \n Fluig is the productivity and ...", "published": "2021-02-11T13:44:40", "modified": "2022-02-22T01:57:13", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0}, "href": "", "reporter": "", "references": [], "cvelist": ["CVE-2020-29134"], "immutableFields": [], "lastseen": "2022-02-22T10:13:54", "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:2DA5F4FA-FE54-402C-9F96-2543D41B8B7F"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-3294"]}, {"type": "cve", "idList": ["CVE-2020-29134"]}], "rev": 4}, "score": {"value": 4.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:2DA5F4FA-FE54-402C-9F96-2543D41B8B7F"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-3294"]}, {"type": "cve", "idList": ["CVE-2020-29134"]}, {"type": "kitploit", "idList": ["KITPLOIT:3449843613571411531"]}, {"type": "threatpost", "idList": ["THREATPOST:99DC4B497599503D640FDFD9A2DC5FA3"]}]}, "exploitation": null, "vulnersScore": 4.9}, "_state": {"dependencies": 1646396079}, "_internal": {}, "privateArea": 1}

{"checkpoint_advisories": [{"lastseen": "2022-02-16T19:35:02", "description": "A directory traversal vulnerability exists in TOTVS Fluig Platform. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-03-20T00:00:00", "type": "checkpoint_advisories", "title": "TOTVS Fluig Platform Directory Traversal (CVE-2020-29134)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29134"], "modified": "2021-03-20T00:00:00", "id": "CPAI-2020-3294", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}], "cve": [{"lastseen": "2022-03-23T17:21:01", "description": "The TOTVS Fluig platform allows path traversal through the parameter \"file = .. /\" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-03-05T16:15:00", "type": "cve", "title": "CVE-2020-29134", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29134"], "modified": "2021-05-21T20:15:00", "cpe": ["cpe:/a:totvs:fluig:1.7.0", "cpe:/a:totvs:fluig:1.6.4", "cpe:/a:totvs:fluig:1.6.5"], "id": "CVE-2020-29134", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29134", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:a:totvs:fluig:1.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:totvs:fluig:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:totvs:fluig:1.6.5:*:*:*:*:*:*:*"]}], "attackerkb": [{"lastseen": "2021-07-20T20:10:23", "description": "The TOTVS Fluig platform allows path traversal through the parameter \u201cfile = .. /\u201d encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4\n\n \n**Recent assessments:** \n \n**lucxssouza** at March 24, 2021 6:54pm UTC reported:\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-03-05T00:00:00", "type": "attackerkb", "title": "CVE-2020-29134", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29134"], "modified": "2021-03-13T00:00:00", "id": "AKB:2DA5F4FA-FE54-402C-9F96-2543D41B8B7F", "href": "https://attackerkb.com/topics/X8J1Y1tK7q/cve-2020-29134", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}]}

Exploit for Path Traversal in Totvs Fluig

Description

Related