CVE-2022-38794
published 2022-08-27

CVE-2022-38794: Zaver through 2020-12-15 allows directory traversal via the GET /.. substring.

Priority: P3 (53) · Severity: high · CVSS 3.1 base score: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: EXPLOIT
EPSS: 3.60% (88.0th percentile)

Affected (1 range)

Vendor          Product   Version range    Fixed in
zaver_project   zaver     <= 2020-12-15    (none listed)

Detection & IOCs (extracted from sources)

URL: /../../../../../../../../etc/passwd
Command: GET /..
  • Look for HTTP GET requests containing path traversal sequences (e.g., /../) targeting /etc/passwd in the request URI against Zaver HTTP server instances.
  • A successful exploitation response will return HTTP 200 with a body matching the pattern 'root:[x*]:0:0', indicating /etc/passwd was served.
  • The attack requires no authentication (PR:N, UI:N) and is network-accessible; any unauthenticated GET request with traversal sequences should be flagged.
  • The vulnerability is specific to Zaver versions through 2020-12-15 only; later versions or forks may not be affected.
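As an added example (not part of the CVE record or of Zaver itself), the detection guidance above applied to constructed access-log lines in Python: it decodes the request target (single- and double-encoded forms), flags GET requests whose path contains a bare ".." segment, and rates a 200 response as a likely successful read; a separate check covers the /etc/passwd root-entry body pattern for sensors that see response content.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format (not taken from any real server).
SAMPLE_LOG = """\
203.0.113.5 - - [27/Aug/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [27/Aug/2022:10:00:02 +0000] "GET /../../../../../../../../etc/passwd HTTP/1.1" 200 1843
203.0.113.9 - - [27/Aug/2022:10:00:03 +0000] "GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 0
203.0.113.9 - - [27/Aug/2022:10:00:04 +0000] "GET /static/a..b.png HTTP/1.1" 200 77
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Root entry of /etc/passwd as it appears at the start of a served file.
PASSWD_RE = re.compile(r"^root:[^:]*:0:0:", re.M)


def has_traversal(target):
    # Decode twice to catch "%2e%2e" and "%252e%252e", then inspect path
    # segments: a bare ".." segment is traversal, a name like "a..b" is not.
    path = target.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    return any(seg == ".." for seg in path.split("/"))


def body_looks_like_passwd(body):
    # For proxies or WAF logs that retain response bodies.
    return PASSWD_RE.search(body) is not None


def scan(log_text):
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET" or not has_traversal(m["target"]):
            continue
        status = int(m["status"])
        findings.append({
            "ip": m["ip"],
            "target": m["target"],
            "status": status,
            # A 200 on a traversal request matches the IOC; anything else is an attempt.
            "verdict": "likely-success" if status == 200 else "attempt",
        })
    return findings
```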