CVE-2022-40123
mojoPortal v2.7 is affected by a path traversal vulnerability in the /DesignTools/CssEditor.aspx endpoint, exploitable via the f parameter. The root cause is insufficient filtering/validation of the resource/file path, permitting authenticated attackers to read arbitrary files on the system. No p...