Skip to content

726232111/GDideesCMS-DirectoryTraversal

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

img

img

 
 

.gitattributes

.gitattributes

 
 

README.md

README.md

 
 

Repository files navigation

[Descrisption]

An any file download vulnerability in the download function of GDidees CMS 3.9.1 allows unauthorized attackers to traverse files and download.

[Vulnerability Type]

Incorrect Access Control

[Vendor of Product]

GDidees

[Affected Product Code Base]

GDidees CMS - 3.9.1 and lower versions

[Affected Component]

GDidees CMS uses an third-party application (roxy fileman 1.4.6) for their download feature, this download application is vulnerable to CVE-2018-12042. the vulnerable file is 'download.php' located at {webroot}/_admin/ckeditor/plugins/ckfinder/php

[Attack Type]

Remote

[Any file download]

true

[Attack Vectors]

The attacker can traverse the file and download it. The URL for downloading the file is: http://{URL-of_GDidees}/_admin/ckeditor/plugins/ckfinder/php/download.php?f=/userfiles/uploadfiles/stat/../../../../../../../{filename}

[PoC]

1.Creating Test Files on C Disk

2.Attempting to download files

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published