Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI to read the 1.txt file.
References
Link | Resource |
---|---|
https://github.com/AvaterXXX/CVEs/blob/master/lfdycms.md#directory-traversal | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:22:04
Updated: 2022-10-03T16:22:04
Reserved: 2022-10-03T00:00:00
Link: CVE-2018-20604
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-12-30T21:29:00.597
Modified: 2019-01-10T14:41:50.353
Link: CVE-2018-20604
JSON object: View
Redhat Information
No data.
CWE