
CVE-2023-30265: HuBenVulList/CLTPHP6.0 Path Traversal.md at main · HuBenLab/HuBenVulList

CLTPHP <=6.0 is vulnerable to Directory Traversal.


CLTPHP <= 6.0 Path Traversal

Description

The system client did not handle the parameters correctly, resulting in path traversal.

Vendor Homepage

https://gitee.com/chichu/cltopen/
https://www.cltphp.com/

Author

Proof of Concept

File: application/admin/controller/Template.php

Exploiting this vulnerability requires logging into the system.

payload:

admin/template/edit?file=../../../../../../../../../../etc/passwd&type=../
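One way to handle the `file` and `type` parameters safely, as an added example that is not CLTPHP's code or the vendor's fix: allow-list both values, canonicalise the resulting path, and confirm it is still inside the template directory before opening it. The function name, the allowed sub-directories and extensions, and the demo directory layout are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not CLTPHP code): map the `type` and `file` request
// parameters to a real path inside $baseDir, or throw.
function resolveTemplatePath(string $baseDir, string $type, string $file): string
{
    // Assumed allow-list of sub-directories; never concatenate `type` raw.
    if (!in_array($type, ['', 'css', 'js'], true)) {
        throw new InvalidArgumentException('unknown template type');
    }
    // Bare file name with an expected extension: no separators, no ".." and no NUL.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.(html|css|js)\z/', $file)) {
        throw new InvalidArgumentException('invalid template file name');
    }
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('template directory missing');
    }
    $sub = $type === '' ? '' : $type . DIRECTORY_SEPARATOR;
    // Canonicalise (symlinks, dot segments), then confirm it is still under base.
    $real = realpath($base . DIRECTORY_SEPARATOR . $sub . $file);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('template not found');
    }
    return $real;
}

// Constructed demo tree under the system temp directory.
$root = sys_get_temp_dir() . '/tpl_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/css', 0700, true);
file_put_contents($root . '/index.html', '<h1>home</h1>');
file_put_contents($root . '/css/site.css', 'body{}');

$cases = [
    ['', 'index.html'],                                   // top-level template
    ['css', 'site.css'],                                  // allowed sub-directory
    ['../', '../../../../../../../../../../etc/passwd'],  // values from the report
    ['', 'css/site.css'],                                 // separator in file name
];
foreach ($cases as [$type, $file]) {
    try {
        echo 'ok      ', resolveTemplatePath($root, $type, $file), PHP_EOL;
    } catch (Throwable $e) {
        echo 'refused ', json_encode([$type, $file]), ': ', $e->getMessage(), PHP_EOL;
    }
}
```

The final `realpath()` prefix check also covers a symlink planted inside the template directory, which the name allow-list alone would not catch.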
