CVE-2021-28377
Published 2022-01-12
CVE-2021-28377: ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.
Priority: P349 · medium · 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 8.23% (94.2th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chronoengine | chronoforums | — | — |
Detection & IOCs (extracted from sources)
URL: `{{BaseURL}}/index.php/component/chronoforums2/profiles/avatar/u1?tvout=file&av=../../../../../../../etc/passwd`
- Detect unauthenticated GET requests to the ChronoForums avatar endpoint with `tvout=file` and path traversal sequences in the `av` parameter.
- Successful exploitation returns HTTP 200 with content matching `root:.*:0:0:` in the response body, indicating `/etc/passwd` file disclosure.
- The vulnerability is unauthenticated: no session or credentials are required to exploit the path traversal via the avatar function.
- Attackers may target the Joomla! configuration file (which contains credentials) via the same traversal vector.
- The traversal depth used in the PoC is 7 levels (`../../../../../../..`), which may need to be adjusted depending on the server's directory depth for the Joomla! installation.
- The exploit requires no authentication (PR:N, UI:N per CVSS), meaning it is exploitable by any unauthenticated remote attacker against exposed Joomla! instances running ChronoForums 2.0.11.
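The detection notes above, expressed as access-log matching logic. This is an added example, not code from this page or from the Nuclei template; it assumes the Apache/nginx combined log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
AVATAR_PATH = "/component/chronoforums2/profiles/avatar/"
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # a ".." path segment

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so an encoded '../' is normalised before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return None (not relevant), 'attempt', or 'attempt-200' for one log line."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "GET":
        return None
    url = urlsplit(m["target"])
    if AVATAR_PATH not in fully_decode(url.path).lower():
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # decodes one layer
    if "file" not in [v.lower() for v in params.get("tvout", [])]:
        return None
    if not any(TRAVERSAL_RE.search(fully_decode(v)) for v in params.get("av", [])):
        return None
    # HTTP 200 means the server answered the traversal request: escalate and
    # check the response body (e.g. for root:.*:0:0:) if it was captured.
    return "attempt-200" if m["status"] == "200" else "attempt"

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE = [
    '203.0.113.7 - - [12/Jan/2022:10:00:01 +0000] "GET /index.php/component/chronoforums2/profiles/avatar/u1?tvout=file&av=../../../../../../../etc/passwd HTTP/1.1" 200 1843 "-" "-"',
    '198.51.100.23 - - [12/Jan/2022:10:03:44 +0000] "GET /index.php/component/chronoforums2/profiles/avatar/u1?tvout=file&av=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 512 "-" "-"',
    '192.0.2.10 - - [12/Jan/2022:10:05:10 +0000] "GET /index.php/component/chronoforums2/profiles/avatar/u1?tvout=file&av=avatar_u1.png HTTP/1.1" 200 9120 "-" "-"',
    '192.0.2.10 - - [12/Jan/2022:10:05:12 +0000] "GET /index.php/forums HTTP/1.1" 200 20481 "-" "-"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        verdict = classify(line)
        if verdict:
            print(verdict, line.split()[0])
```

Access logs do not record response bodies, so an `attempt-200` hit shows the request was served, not that a file was disclosed; confirm against a proxy or WAF capture where one exists.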
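CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |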
No detection rules found.
Nuclei
CVE-2021-28377 [MEDIUM] Joomla! ChronoForums 2.0.11 - Local File Inclusion (CVSS 5.3)
Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials.
Template:
```yaml
id: CVE-2021-28377

info:
  name: Joomla! ChronoForums 2.0.11 - Local File Inclusion
  author: 0x_Akoko
  severity: medium
  description: Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials.
  impact: |
    The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing
```