High-Tech BridgeHTB23263Path Traversal in BlackCat CMS
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.05 Low
EPSS
Percentile
92.0%
High-Tech Bridge Security Research Lab discovered vulnerability in BlackCat CMS, which can be exploited to view contents of arbitrary files on the local system. An attacker might be able to obtain potentially sensitive or system information, and even compromise the vulnerable system.
The vulnerability exists due to improper validation of file path in โdlโ HTTP GET parameter, when reading local files using โ/modules/blackcat/widgets/logs.phpโ script. A remote unauthenticated attacker can download arbitrary files from the vulnerable system using directory traversal sequences (โโฆ/โ).
A simple exploit below allows download of โconfig.phpโ file:
http://host/modules/blackcat/widgets/logs.php?dl=/../config.php
| CPE | Name | Operator | Version |
|---|---|---|---|
| blackcat cms | le | 1.1.1 |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.05 Low
EPSS
Percentile
92.0%