Submit #381444: juzaweb.com juzaweb cms v3.4.2 Arbitrary File Read

Title: juzaweb.com juzaweb cms v3.4.2 Arbitrary File Read
Description: After logging into the administrator account, an attacker can modify the website templates through the "/admin-cp/theme/editor/default" page. By utilizing the source and include functions in Twig templates, the attacker can read files. Furthermore, due to the lack of strict filtering on the input file paths, the attacker can achieve arbitrary file reading using directory traversal techniques.
------POC------
{{ source('../../../../../../../../../../../../../../etc/passwd') }}
Source: https://github.com/DeepMountains/Mirage/blob/main/CVE9-1.md
User: Dee.Mirage (UID 71702)
Submission: 29/07/2024 01:56 (2 years ago)
Moderation: 06/08/2024 08:41 (8 days later)
Status: Accepted
VulDB Entry: 273696 [juzaweb CMS up to 3.4.2 Theme Editor default Directory Traversal]
Points: 20
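A review-time check for the pattern described in this submission, as an added example (not code from juzaweb or from the submitter): it scans Twig template text for `source` and `include` and flags path arguments that traverse directories, are absolute, or are not plain string literals. The names `audit_template` and `classify` and the sample template are constructed for illustration.

```python
import re

# Function form:  source('x')  include('x')   Tag form:  {% include 'x' %}
# An optional quoted literal follows, then an optional "~" (Twig concatenation).
CALL_RE = re.compile(
    r"""(?:\b(?P<fn>source|include)\s*\(|\{%-?\s*(?P<tag>include)\s)\s*"""
    r"""(?P<arg>'[^']*'|"[^"]*")?\s*(?P<cat>~)?"""
)


def classify(arg, concatenated):
    """Return a reason string if the path argument is risky, else None."""
    if arg is None or concatenated:
        # Variables and built-up strings cannot be judged statically.
        return "non-literal path"
    path = arg[1:-1].replace("\\", "/")
    if path.startswith("/") or re.match(r"[A-Za-z]:/", path):
        return "absolute path"
    if ".." in path.split("/"):
        return "directory traversal"
    return None


def audit_template(text):
    """Return (line_number, name, reason) for each risky source/include."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in CALL_RE.finditer(line):
            reason = classify(m.group("arg"), m.group("cat") is not None)
            if reason:
                findings.append((lineno, m.group("fn") or m.group("tag"), reason))
    return findings


# Constructed sample: a theme template as it might arrive from the editor.
SAMPLE = """<h1>{{ title }}</h1>
{% include 'partials/header.twig' %}
{{ source('../../../../etc/passwd') }}
{{ include(user_choice) }}
{{ source('/etc/hostname') }}
{{ source('css/' ~ name) }}
{{ source('css/site.css') }}
"""

if __name__ == "__main__":
    for finding in audit_template(SAMPLE):
        print(finding)
```

This is a lint-style heuristic for reviewing saved theme files; the path filtering the description says is missing still has to be enforced where the application resolves template paths.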
