जमा करें #263452: Unknown-O Download-Station ≤1.1.8 Pre-authentication arbitrary file downloadजानकारी

शीर्षकUnknown-O Download-Station ≤1.1.8 Pre-authentication arbitrary file download
विवरणThe Download-Station system, specifically versions up to and including 1.1.8, has been identified as having a pre-authentication arbitrary file download vulnerability. This issue is present in the 'index.php' and 'download.php' files of the software, which is available on GitHub. The vulnerability arises due to the 'download.php' file accepting a parameter named 'f' that allows for directory traversal, enabling an attacker to craft a request to download sensitive files such as '/etc/passwd' from the server without proper authorization.
स्रोत⚠️ https://note.zhaoj.in/share/nHD5xiHQgHG0
उपयोगकर्ता
 glzjin (UID 59815)
सबमिशन07/01/2024 11:18 AM (3 साल पहले)
संयम09/01/2024 03:24 PM (2 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि250121 [unknown-o download-station तक 1.1.8 index.php f सूचना का प्रकटीकरण]
अंक20

Want to know what is going to be exploited?

We predict KEV entries!