CVE-2020-19902: BUG:A Arbitrary File Reading Vulnerability in wex/cssjs.php · Issue #3 · vedees/wcms

Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter.

An Arbitrary File Reading Vulnerability in wex/cssjs.php
There is a vulnerability that allows reading and modifying any file to get a shell.
Affected software: WCMS V0.3.2

PoC:
Use …/ for the directory traversal vulnerability.
I can read config.php to get the admin account.
/wex/cssjs.php?path=…//wcms/config.php&type=css

I can still do it.

Now let’s modify this file.

Click Save

Success!

So I can modify a PHP file to get a shell.
This is accessible without login.

Source code:
wex/cssjs.php

We can see there is no filtering of ‘…/’, which is what causes the directory traversal vulnerability.
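The root cause described above is a file path taken straight from the request and used without canonicalisation or an allowlist. The following is an added example of how a defender would harden such an endpoint; it is not the code of wex/cssjs.php or of the WCMS project, and the names `safeAssetPath`, `$assetDir` and the `assets` directory are assumptions. It canonicalises the path with `realpath()`, checks the result is still inside the intended directory, and only serves files with an allowed extension, so `config.php` can never be read or overwritten through it. Because the issue also notes the endpoint works without login, the write path of a real fix must additionally require an authenticated admin session; the path check alone is not sufficient.

```php
<?php
// Added example (not WCMS code): hardened lookup for a "read a css/js file by path" endpoint.
// Assumed names: safeAssetPath(), $assetDir.
declare(strict_types=1);

/**
 * Resolve a user-supplied relative path to a regular file inside $baseDir, or return null.
 * realpath() collapses "../", "./" and symlinks, so traversal segments cannot escape
 * the base directory; the prefix check and extension allowlist are applied to the
 * canonical result, never to the raw input.
 */
function safeAssetPath(string $baseDir, string $userPath, array $allowedExt = ['css', 'js']): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                        // base directory does not exist
    }
    // Reject NUL bytes: they truncate paths in C-level file APIs.
    if (strpos($userPath, "\0") !== false) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($candidate === false || !is_file($candidate)) {
        return null;                        // missing, or not a regular file
    }
    // Compare with the separator appended so "/var/www/assets2" is not accepted for base "/var/www/assets".
    if (strpos($candidate, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;                        // resolved outside the asset directory
    }
    $ext = strtolower(pathinfo($candidate, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;                        // e.g. config.php is never served or written
    }
    return $candidate;
}

// Request handling. A write/save action must also check an authenticated admin session (not shown).
$assetDir = __DIR__ . '/assets';            // assumed location of the editable css/js files
$path     = (string) ($_GET['path'] ?? '');
$resolved = safeAssetPath($assetDir, $path);
if ($resolved === null) {
    http_response_code(400);
    exit('invalid path');
}
header('Content-Type: text/plain; charset=utf-8');
readfile($resolved);
```

With this check, a request such as `?path=../config.php` resolves to a file outside `$assetDir` (or to a `.php` file) and is rejected with 400 instead of being read; the same function can be reused before any save operation, so a traversal payload cannot be used to overwrite PHP files either.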
