Hello, after testing, I found that KiteCMS v1.1 has a vulnerability -- ThinkPHP log information leak.
Anyone can read ThinkPHP's Log through the URL. Such logs contain the administrator's user name, password, operation behavior, system information, etc. Sensitive information brings greater security risks to the system.
URL: http://domain(or IP)/runtime/log/202107/10.log
For example:
http://test.19981.com/runtime/log/202107/10.log
http://test.19981.com/runtime/log/202107/03.log
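
A defender-side check for the exposure reported above, added here as an example (it is not part of the original report or of KiteCMS): it walks a web document root on the local filesystem, lists any `runtime/log/<YYYYMM>/<DD>.log` files stored inside it, and counts lines carrying credential-like parameters. The parameter-name list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Parameter names treated as sensitive when logged (assumed list, extend as needed).
SENSITIVE = re.compile(r"['\"]?(password|passwd|pwd|token)['\"]?\s*(=>|=|:)", re.I)
# Path layout from the report: runtime/log/<YYYYMM>/<DD>.log
LOG_PATH = re.compile(r"^runtime/log/\d{6}/\d{2}\.log$")


def audit_docroot(docroot):
    """Return [(url_path, sensitive_line_count)] for log files stored under docroot."""
    root = Path(docroot)
    findings = []
    for path in sorted(root.glob("runtime/log/*/*.log")):
        rel = path.relative_to(root).as_posix()
        if not LOG_PATH.match(rel):
            continue
        with path.open(encoding="utf-8", errors="replace") as fh:
            hits = sum(1 for line in fh if SENSITIVE.search(line))
        findings.append(("/" + rel, hits))
    return findings


def demo():
    """Build a constructed document root with one log file and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        log_dir = Path(tmp, "runtime", "log", "202107")
        log_dir.mkdir(parents=True)
        # Constructed sample lines, not taken from a real KiteCMS log.
        (log_dir / "10.log").write_text(
            "[ info ] [ PARAM ] array ( 'username' => 'admin', 'password' => 'example', )\n"
            "[ sql ] [ SQL ] SELECT * FROM `site` LIMIT 1\n",
            encoding="utf-8",
        )
        # A file that does not follow the log naming layout is skipped.
        (log_dir / "notes.txt").write_text("ignored\n", encoding="utf-8")
        return audit_docroot(tmp)


if __name__ == "__main__":
    for url_path, hits in demo():
        print(f"{url_path}: {hits} line(s) with credential-like parameters")
```

Any entry in the result is a log file that sits under the served directory; moving `runtime/` out of the document root or denying the path in the web server takes it out of URL reach.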