3 matches found
CVE-2018-19114
An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a Cookie: header with a mindocid value containing the relative pathname of this uploaded file. For example, the...
CVE-2018-19114
An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a Cookie: header with a mindocid value containing the relative pathname of this uploaded file. For example, the...
CVE-2018-19114
MinDoc, up to v1.0.2 , contains an access control flaw: an attacker can escalate privileges by uploading an image containing an admin session and then using a Cookie: mindoc_id with a relative path to that file (e.g., aa/../../uploads/blog/201811/attach_#.jpg). This can grant elevated rights with...