| 제목 | Shanghai Qihui Network Technology Co., Ltd. jtbc5 CMS v5.0.3.6 Directory Traversal |
|---|
| 설명 | A Path Traversal vulnerability (CWE-22) exists in the /dev/code module of JTBC CMS. While the module is originally designed to restrict file access strictly to the CMS's web root (e.g., the /public directory), insufficient validation in the file reading mechanism allows an authenticated attacker to bypass these sandbox restrictions. By using directory traversal sequences (e.g., ../), an attacker can escape the intended web directory and read arbitrary sensitive files across the entire underlying server operating system. |
|---|
| 원천 | ⚠️ https://tcn60zf28jhk.feishu.cn/wiki/CnpvwDdyOi5PXOk8X1fcorudnSv?from=from_copylink |
|---|
| 사용자 | EthX0_ (UID 96627) |
|---|
| 제출 | 2026. 03. 23. PM 02:58 (1 월 ago) |
|---|
| 모더레이션 | 2026. 04. 17. AM 09:00 (25 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 358028 [Qihui jtbc5 CMS 5.0.3.6 Code Endpoint manage.php path 디렉토리 순회] |
|---|
| 포인트들 | 20 |
|---|