CVE-2023-30269: HuBenVulList/CLTPHP6.0 Improper Input Validation 1.md at main · HuBenLab/HuBenVulList

CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php.


CLTPHP <= 6.0 Improper Input Validation 1

Description

The system client did not handle the parameters correctly, resulting in arbitrary file deletion.

Vendor Homepage

https://gitee.com/chichu/cltopen/
https://www.cltphp.com/

Author

Proof of Concept

File: application/admin/controller/Template.php

Exploiting this vulnerability requires logging into the system.

payload:

admin/template/imgDel 

post:folder=../../../../../../../../../&filename=tmp/123

The vulnerable method executes, but because the images directory does not exist by default, the exploit fails; if the images directory exists, the deletion succeeds (Linux platform). On Windows the images directory check does not apply, so the vulnerability can be exploited regardless.
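A hardened form of the deletion check, written here as an added PHP example (not CLTPHP's own code; the function name `safeImgDel`, the `$baseDir` argument and the parameter names are assumptions): it canonicalises the requested folder, refuses anything that resolves outside the configured base directory, and rejects separators and traversal in the filename, so a request such as `folder=../../../../&filename=tmp/123` is refused before `unlink` runs on either Linux or Windows.

```php
<?php
// Added example, not CLTPHP code. $baseDir is the only directory in which
// template images may be deleted; $folder and $filename come from the request.
function safeImgDel(string $baseDir, string $folder, string $filename): bool
{
    // The filename must be a single path component: no NUL bytes, no slashes
    // or backslashes, and not "." or "..".
    if ($filename === '' || $filename === '.' || $filename === '..'
        || strpbrk($filename, "\0/\\") !== false) {
        return false;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return false; // base directory missing or unreadable
    }

    // Resolve the requested folder against the base; realpath collapses
    // any "../" sequences so the prefix check below is meaningful.
    $dir = realpath($base . DIRECTORY_SEPARATOR . $folder);
    if ($dir === false
        || strpos($dir . DIRECTORY_SEPARATOR, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false; // folder does not exist or escaped the base directory
    }

    $target = $dir . DIRECTORY_SEPARATOR . $filename;

    // Only delete an existing regular file inside the resolved directory.
    if (!is_file($target)) {
        return false;
    }
    return unlink($target);
}
```

Logging rejected requests (folder, filename, authenticated user) at the `return false` branches gives a detection signal for traversal attempts against this endpoint.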
