Path Traversal vulnerability in KindEditor ver <= 4.1.11 #289

Open
eddietcc opened this issue Nov 2, 2018 · 0 comments
eddietcc commented Nov 2, 2018

Hello,
KindEditor <= 4.1.11 has a path traversal vulnerability, specifically in kindeditor/php/upload_json.php. Anyone can browse the files or directories in the “kindeditor/attached/” folder via the “path” parameter without authentication.
Through this method, an unauthorized user can quickly view all uploaded files and exposed sensitive information on the target host.

Example:

  1. http://example.com/kindeditor/php/upload_json.php?path=/

  2. http://example.com/kindeditor/php/upload_json.php?path=/image/

  3. http://example.com/kindeditor/php/upload_json.php?path=/image/20181009
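
An added example, not part of the original issue or of KindEditor's code: one way to review web server access logs for the requests shown in the report, flagging GET requests to `upload_json.php` that carry a `path` parameter and grouping the directories each client listed successfully. The combined log format, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter as named in the report; matched as a suffix because
# an installation may sit under a site prefix.
ENDPOINT = "/kindeditor/php/upload_json.php"
PARAM = "path"

# Assumption: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (not real traffic); addresses are documentation ranges.
SAMPLE = [
    '203.0.113.7 - - [02/Nov/2018:10:00:01 +0000] "GET /kindeditor/php/upload_json.php?path=/ HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [02/Nov/2018:10:00:05 +0000] "GET /kindeditor/php/upload_json.php?path=%2Fimage%2F HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.4 - - [02/Nov/2018:10:01:00 +0000] "POST /kindeditor/php/upload_json.php HTTP/1.1" 200 90 "-" "-"',
    '198.51.100.9 - - [02/Nov/2018:10:02:00 +0000] "GET /site/kindeditor/php/upload_json.php?path=/image/20181009 HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.9 - - [02/Nov/2018:10:02:03 +0000] "GET /index.php?path=/ HTTP/1.1" 200 100 "-" "-"',
]

def find_listing_requests(lines):
    """Return one dict per GET to the endpoint that carries the path parameter."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM)
        if not url.path.lower().endswith(ENDPOINT) or values is None:
            continue
        hits.append({
            "ip": m["ip"], "time": m["ts"],
            "path": values[0],  # already percent-decoded by parse_qs
            "status": int(m["status"]),
            "bytes": 0 if m["size"] == "-" else int(m["size"]),
        })
    return hits

def summarize(hits):
    """Map each client IP to the set of directories it listed with HTTP 200."""
    by_ip = {}
    for h in hits:
        if h["status"] == 200:
            by_ip.setdefault(h["ip"], set()).add(h["path"])
    return by_ip
```
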
