A directory traversal vulnerability was discovered in WUZHI CMS 4.1.0.
There is a directory traversal vulnerability which allows authenticated remote attackers to list files in arbitrary directory.
Vulnerability in /coreframe/app/template/admin/index.php:
A directory traversal vulnerability was discovered in WUZHI CMS 4.1.0.
There is a directory traversal vulnerability which allows authenticated remote attackers to list files in arbitrary directory.
Vulnerability in /coreframe/app/template/admin/index.php:
When str_replace() is called, the transformation of input data is as follows: /...../// -> /...// -> /../
Exploit:
http://127.0.0.1/wuzhicms/www/index.php?dir=/.....///.....///.....///.....///&m=template&f=index&v=listing&_su=wuzhicms&_menuid=31The text was updated successfully, but these errors were encountered: