Lucene search
PRIOn knowledge basePRION:CVE-2018-7669HistoryApr 27, 2018 - 4:29 p.m.
Directory traversal
2018-04-2716:29:00
PRIOn knowledge base
www.prio-n.com
4
0.82 High
EPSS
Percentile
98.4%
An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The ‘Log Viewer’ application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating System using a sitecore/shell/default.aspx?xmlcontrol=LogViewerDetails&file= URI. Validation is performed to ensure that the text passed to the ‘file’ parameter correlates to the correct log file directory. This filter can be bypassed by including a valid log filename and then appending a traditional ‘dot dot’ style attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sitecore.net | eq | 8.1 update1 | |
| sitecore.net | eq | 8.1 update2 | |
| sitecore.net | eq | 8.1 update3 | |
| sitecore.net | ge | 8.2 |
Related
exploitpack
exploitpack
Sitecore.Net 8.1 - Directory Traversal
2018-08-06 00:00:00
nvd
nvd
CVE-2018-7669
2018-04-27 16:29:01
checkpoint_advisories
checkpoint_advisories
Sitecore.NET Directory Traversal (CVE-2018-7669)
2020-05-31 00:00:00
packetstorm
packetstorm
Sitecore.NET 8.1 Directory Traversal
2018-04-26 00:00:00
cve
cve
CVE-2018-7669
2018-04-27 16:29:01
zdt
zdt
Sitecore.Net 8.1 - Directory Traversal Vulnerability
2018-08-09 00:00:00
cvelist
cvelist
CVE-2018-7669
2018-04-27 16:00:00
exploitdb
exploitdb
Sitecore.Net 8.1 - Directory Traversal
2018-08-06 00:00:00