An arbitrary file download vulnerability in the download function of GDidees CMS 3.9.1 allows unauthorized attackers to traverse directories and download arbitrary files.
Incorrect Access Control
GDidees
GDidees CMS - 3.9.1 and earlier versions
GDidees CMS uses a third-party application (Roxy Fileman 1.4.6) for its download feature; this download component is vulnerable to CVE-2018-12042. The vulnerable file is 'download.php', located at {webroot}/_admin/ckeditor/plugins/ckfinder/php
Remote
true
The attacker can traverse directories via the 'f' parameter and download the targeted file. The URL for downloading the file is: http://{URL-of_GDidees}/_admin/ckeditor/plugins/ckfinder/php/download.php?f=/userfiles/uploadfiles/stat/../../../../../../../(unknown)
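Added example (Python, not code from GDidees or Roxy Fileman): a model of how download.php maps the user-supplied 'f' parameter onto the filesystem, in the unchecked form the advisory describes and with a containment check, plus a log-side test for the traversal shape of the URL above. The web root, the served directory (userfiles/uploadfiles), the host name cms.example and the target file etc/passwd are assumptions; the advisory leaves the target unspecified.

```python
import posixpath
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical layout: {webroot} from the advisory is modelled as WEBROOT and
# the directory download.php is meant to serve as UPLOAD_DIR. Paths are kept
# in POSIX form so the example runs offline without touching a real filesystem.
WEBROOT = "/var/www/html"
UPLOAD_DIR = "userfiles/uploadfiles"

# Constructed request in the shape given by the advisory; "etc/passwd" stands
# in for the "(unknown)" tail of the original URL.
TRAVERSAL_F = "/userfiles/uploadfiles/stat/../../../../../../../etc/passwd"
SAMPLE_URL = ("http://cms.example/_admin/ckeditor/plugins/ckfinder/php/"
              "download.php?f=" + TRAVERSAL_F)
LEGIT_URL = ("http://cms.example/_admin/ckeditor/plugins/ckfinder/php/"
             "download.php?f=/userfiles/uploadfiles/stat/report.pdf")


def extract_f(url: str) -> str:
    """Return the `f` query parameter of a download.php request.

    parse_qs already decodes once; decoding a second time makes a
    double-encoded "%252e%252e/" visible to the checks below as well.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return unquote(query.get("f", [""])[0])


def vulnerable_resolve(f: str) -> str:
    """Model of the unsafe pattern: the user-controlled path is appended to
    the web root and handed to the filesystem with no containment check.
    Every "../" climbs one level, so the result can be any readable file."""
    return posixpath.normpath(WEBROOT + "/" + f.lstrip("/"))


def hardened_resolve(f: str) -> Optional[str]:
    """Same resolution, followed by the check that is missing: canonicalise
    the target and refuse anything outside the directory this endpoint is
    allowed to serve. Rejecting on ".." alone is weaker; containment also
    blocks absolute paths and files elsewhere under the web root."""
    base = posixpath.normpath(posixpath.join(WEBROOT, UPLOAD_DIR))
    target = posixpath.normpath(WEBROOT + "/" + f.lstrip("/"))
    if target == base or target.startswith(base + "/"):
        return target
    return None


def looks_like_traversal(url: str) -> bool:
    """Cheap access-log check for this advisory's request shape: does any
    path segment of `f` try to climb a directory (either separator)?"""
    f = extract_f(url)
    return ".." in f.replace("\\", "/").split("/")


if __name__ == "__main__":
    print("unchecked :", vulnerable_resolve(TRAVERSAL_F))
    print("contained :", hardened_resolve(TRAVERSAL_F))
    print("flagged   :", looks_like_traversal(SAMPLE_URL))
```

On a live server the containment check should be done on realpath() output (PHP realpath() or Python os.path.realpath) rather than on a purely lexical normpath, so that symlinks inside the upload directory cannot point back out of it; the lexical form is used here only so the example runs without a filesystem.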
1. Create test files on the C: drive