Описание
fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 1.18 (включая)
Одно из
cpe:2.3:a:libra_file_manager:php_filemanager:*:*:*:*:*:*:*:*
cpe:2.3:a:libra_file_manager:php_filemanager:1.00:*:*:*:*:*:*:*
cpe:2.3:a:libra_file_manager:php_filemanager:1.03:*:*:*:*:*:*:*
cpe:2.3:a:libra_file_manager:php_filemanager:1.05:*:*:*:*:*:*:*
cpe:2.3:a:libra_file_manager:php_filemanager:1.08:*:*:*:*:*:*:*
cpe:2.3:a:libra_file_manager:php_filemanager:1.17:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03367
Низкий
6.4 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
почти 4 года назад
fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string.
EPSS
Процентиль: 87%
0.03367
Низкий
6.4 Medium
CVSS2
Дефекты
CWE-287