Описание
mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey.
Ссылки
- Product
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.9.1.0 (исключая)
cpe:2.3:a:mojoportal:mojoportal:*:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.10002
Средний
6.5 Medium
CVSS3
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 6.5
github
10 месяцев назад
mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey.
EPSS
Процентиль: 93%
0.10002
Средний
6.5 Medium
CVSS3
Дефекты
CWE-284