CVE-2019-18393
MEDIUM | EXPLOITED | NUCLEI
Openfire < 4.4.2 - Path Traversal via PluginServlet.java
Title source: llm
Exploitation Summary
CVE-2019-18393 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including dawetmaster, andikahilmy. A Nuclei detection template is also available.
AI-analyzed exploit summary: This repository appears to be a fork or clone of the Openfire project itself, not an exploit PoC. It contains build scripts, Dockerfiles, and source code for Openfire but lacks any exploit code or technical analysis related to CVE-2019-18393.
Description
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
Exploits (2)
This repository appears to be a fork or clone of the Openfire project itself, not an exploit PoC. It contains build scripts, Dockerfiles, and source code for Openfire but lacks any exploit code or technical analysis related to CVE-2019-18393.
Nuclei Templates (1)
http.title:"openfire admin console" || http.title:"openfire"
title="openfire" || title="openfire admin console"
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N