Gửi #263452: Unknown-O Download-Station ≤1.1.8 Pre-authentication arbitrary file downloadthông tin

tiêu đềUnknown-O Download-Station ≤1.1.8 Pre-authentication arbitrary file download
Mô tảThe Download-Station system, specifically versions up to and including 1.1.8, has been identified as having a pre-authentication arbitrary file download vulnerability. This issue is present in the 'index.php' and 'download.php' files of the software, which is available on GitHub. The vulnerability arises due to the 'download.php' file accepting a parameter named 'f' that allows for directory traversal, enabling an attacker to craft a request to download sensitive files such as '/etc/passwd' from the server without proper authorization.
Nguồn⚠️ https://note.zhaoj.in/share/nHD5xiHQgHG0
Người dùng
 glzjin (UID 59815)
Đệ trình07/01/2024 11:18 (cách đây 3 những năm)
Kiểm duyệt09/01/2024 15:24 (2 days later)
Trạng tháiđược chấp nhận
Mục VulDB250121 [unknown-o download-station đến 1.1.8 index.php f tiết lộ thông tin]
điểm20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!