제출 #263452: Unknown-O Download-Station ≤1.1.8 Pre-authentication arbitrary file download정보

제목Unknown-O Download-Station ≤1.1.8 Pre-authentication arbitrary file download
설명The Download-Station system, specifically versions up to and including 1.1.8, has been identified as having a pre-authentication arbitrary file download vulnerability. This issue is present in the 'index.php' and 'download.php' files of the software, which is available on GitHub. The vulnerability arises due to the 'download.php' file accepting a parameter named 'f' that allows for directory traversal, enabling an attacker to craft a request to download sensitive files such as '/etc/passwd' from the server without proper authorization.
원천⚠️ https://note.zhaoj.in/share/nHD5xiHQgHG0
사용자
 glzjin (UID 59815)
제출2024. 01. 07. AM 11:18 (3 연령 ago)
모더레이션2024. 01. 09. PM 03:24 (2 days later)
상태수락
VulDB 항목250121 [unknown-o download-station 까지 1.1.8 index.php f 정보 공개]
포인트들20

Do you need the next level of professionalism?

Upgrade your account now!