提交 #263452: Unknown-O Download-Station ≤1.1.8 Pre-authentication arbitrary file download信息

标题Unknown-O Download-Station ≤1.1.8 Pre-authentication arbitrary file download
描述The Download-Station system, specifically versions up to and including 1.1.8, has been identified as having a pre-authentication arbitrary file download vulnerability. This issue is present in the 'index.php' and 'download.php' files of the software, which is available on GitHub. The vulnerability arises due to the 'download.php' file accepting a parameter named 'f' that allows for directory traversal, enabling an attacker to craft a request to download sensitive files such as '/etc/passwd' from the server without proper authorization.
来源⚠️ https://note.zhaoj.in/share/nHD5xiHQgHG0
用户
 glzjin (UID 59815)
提交2024-01-07 11時18分 (3 年前)
管理2024-01-09 15時24分 (2 days later)
状态已接受
VulDB条目250121 [unknown-o download-station 直到 1.1.8 index.php f 信息公开]
积分20

Might our Artificial Intelligence support you?

Check our Alexa App!