mirror of https://github.com/qwqdanchun/Goby.git
43 lines
1.2 KiB
JSON
43 lines
1.2 KiB
JSON
|
{
|
||
|
"Name": "ACME mini_httpd Arbitrary File Read (CVE-2018-18778)",
|
||
|
"Description": "ACME mini_httpd before 1.30 lets remote users read arbitrary files.",
|
||
|
"Product": "mini_httpd",
|
||
|
"Homepage": "https://acme.com/software/mini_httpd/",
|
||
|
"DisclosureDate": "2018-10-29",
|
||
|
"Author": "itardc@163.com",
|
||
|
"FofaQuery": "app=\"mini_httpd\"",
|
||
|
"GobyQuery": "app=\"mini_httpd\"",
|
||
|
"Level": "2",
|
||
|
"Impact": "",
|
||
|
"Recommendation": "",
|
||
|
"References": [
|
||
|
"http://www.acme.com/software/mini_httpd/",
|
||
|
"https://nosec.org/home/detail/1926.html",
|
||
|
"https://github.com/vulhub/vulhub/tree/master/mini_httpd/CVE-2018-18778",
|
||
|
"https://nvd.nist.gov/vuln/detail/CVE-2018-18778",
|
||
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18778"
|
||
|
],
|
||
|
"HasExp": true,
|
||
|
"ExpParams": [
|
||
|
{
|
||
|
"name": "file",
|
||
|
"type": "createSelect",
|
||
|
"value": "/etc/passwd,/etc/hosts",
|
||
|
"show": ""
|
||
|
}
|
||
|
],
|
||
|
"ScanSteps": null,
|
||
|
"ExploitSteps": null,
|
||
|
"Tags": ["fileread"],
|
||
|
"CVEIDs": [
|
||
|
"CVE-2018-18778"
|
||
|
],
|
||
|
"CVSSScore": "6.5",
|
||
|
"AttackSurfaces": {
|
||
|
"Application": null,
|
||
|
"Support": null,
|
||
|
"Service": ["mini_httpd"],
|
||
|
"System": null,
|
||
|
"Hardware": null
|
||
|
}
|
||
|
}
|