exploitDog

GHSA-q332-7cfx-q6r5

Опубликовано: 21 апр. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey.

mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey.

Ссылки

EPSS

Процентиль: 93%

0.10002

Средний

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-284

Связанные уязвимости

CVE-2025-28367

CVSS3: 6.5

nvd

10 месяцев назад

mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey.

EPSS

Процентиль: 93%

0.10002

Средний

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-284