Lucene search
Takester7CA13522-D0C9-4EFF-A7DD-6FD1A7F205A2HistoryOct 28, 2021 - 5:06 p.m.
Path Traversal in getgrav/grav
2021-10-2817:06:03
takester
www.huntr.dev
21
path traversal
local host
file access
sensitive data disclosure
bug bounty
EPSS
0.002
Percentile
55.6%
Steps:
Host the project locally.
For example if address is http://127.0.0.1:8088 ==> visit http://127.0.0.1:8088/system/config/permissions.yaml
http://127.0.0.1:8088/system/config/permissions.yaml ==> you will get the content of permissions.yaml file.
Impact:
Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of restricted directory on the remote server. This could lead to the disclosure of sensitive data on the vulnerable server.
References
Related
veracode
veracode
Path Traversal
2021-11-08 03:16:50
prion
prion
Path traversal
2021-11-05 15:15:00
osv
osv
CVE-2021-3924
2021-11-05 15:15:07
Path traversal in grav
2021-11-10 16:48:15
github
github
Path traversal in grav
2021-11-10 16:48:15
nvd
nvd
CVE-2021-3924
2021-11-05 15:15:07
cve
cve
CVE-2021-3924
2021-11-05 15:15:07
cvelist
cvelist
CVE-2021-3924 Path Traversal in getgrav/grav
2021-11-05 14:50:20