Vulnerable file path:
\app\admin\Controllers\db.php
A user can change the file[] parameter to download any file.
The user uses the packdownload function in Database management, then changes file[] to something like ../../../app/Config.php. The request looks like this:
```
POST /admin.php/db/packdownload
...
files%5B%5D=../../../app/Config.php
```
The user can then download the zip file and unpack it to get the contents of the config file.
IIIIIuhrey changed the title from "Jellycms background has any file download vulnerability" to "Jellycms background has arbitrary file download vulnerability" on Mar 5, 2022
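An added example (not JellyCMS code, and not part of the original report) of the server-side check that stops the `../` values shown in the request above from reaching the zip step. The function name `resolveBackupFiles`, the `backup` directory and the demo file names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: map user-supplied names from files[] to canonical
 * paths, keeping only regular files located directly inside $backupDir.
 */
function resolveBackupFiles(string $backupDir, array $requested): array
{
    $base = realpath($backupDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('backup directory not found');
    }
    $accepted = [];
    foreach ($requested as $name) {
        // files[] may carry nested arrays or non-strings; skip them.
        if (!is_string($name) || $name === '') {
            continue;
        }
        // Only a bare file name is valid: no separators and no NUL byte.
        if ($name !== basename($name) || strpbrk($name, "/\\\0") !== false) {
            continue;
        }
        // realpath() resolves ".." and symlinks; it fails for missing files.
        $real = realpath($base . DIRECTORY_SEPARATOR . $name);
        if ($real === false || !is_file($real)) {
            continue;
        }
        // Containment check on the canonical path, not on the raw input.
        if (dirname($real) !== $base) {
            continue;
        }
        $accepted[$name] = $real; // entry name => path to add to the archive
    }
    return $accepted;
}

// Constructed demo tree: one backup file, one config file above it.
$root = sys_get_temp_dir() . '/pd_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/backup', 0700, true);
file_put_contents($root . '/backup/db_1.sql', '-- dump');
file_put_contents($root . '/Config.php', '<?php // secrets');

// Constructed input mixing a valid name with traversal attempts.
$files = ['db_1.sql', '../Config.php', '../../../app/Config.php', '..', ['x']];
print_r(array_keys(resolveBackupFiles($root . '/backup', $files)));

// Remove the demo tree.
unlink($root . '/backup/db_1.sql');
unlink($root . '/Config.php');
rmdir($root . '/backup');
rmdir($root);
```

Only the returned paths should be passed to the archive step, with the bare name as the entry name, so the zip can never contain a file from outside the backup directory.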