提出 #263452: Unknown-O Download-Station ≤1.1.8 Pre-authentication arbitrary file download情報

タイトルUnknown-O Download-Station ≤1.1.8 Pre-authentication arbitrary file download
説明The Download-Station system, specifically versions up to and including 1.1.8, has been identified as having a pre-authentication arbitrary file download vulnerability. This issue is present in the 'index.php' and 'download.php' files of the software, which is available on GitHub. The vulnerability arises due to the 'download.php' file accepting a parameter named 'f' that allows for directory traversal, enabling an attacker to craft a request to download sensitive files such as '/etc/passwd' from the server without proper authorization.
ソース⚠️ https://note.zhaoj.in/share/nHD5xiHQgHG0
ユーザー
 glzjin (UID 59815)
送信2024年01月07日 11:18 (3 年 ago)
モデレーション2024年01月09日 15:24 (2 days later)
ステータス承諾済み
VulDBエントリ250121 [unknown-o download-station 迄 1.1.8 index.php f 情報漏えい]
ポイント20

Do you know our Splunk app?

Download it now for free!