Submeter #263452: Unknown-O Download-Station ≤1.1.8 Pre-authentication arbitrary file downloadinformação

TítuloUnknown-O Download-Station ≤1.1.8 Pre-authentication arbitrary file download
DescriçãoThe Download-Station system, specifically versions up to and including 1.1.8, has been identified as having a pre-authentication arbitrary file download vulnerability. This issue is present in the 'index.php' and 'download.php' files of the software, which is available on GitHub. The vulnerability arises due to the 'download.php' file accepting a parameter named 'f' that allows for directory traversal, enabling an attacker to craft a request to download sensitive files such as '/etc/passwd' from the server without proper authorization.
Fonte⚠️ https://note.zhaoj.in/share/nHD5xiHQgHG0
Utilizador
 glzjin (UID 59815)
Submissão07/01/2024 11h18 (há 3 anos)
Moderação09/01/2024 15h24 (2 days later)
EstadoAceite
Entrada VulDB250121 [unknown-o download-station até 1.1.8 index.php f Divulgação de Informação]
Pontos20

Interested in the pricing of exploits?

See the underground prices here!