
Github Security Blog (added 2026/05/18 4:21 p.m., 8 views)

CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations

Summary: The Fileeditor module enforces an extension allowlist ('css', 'js', 'html', 'txt', 'json', 'sql', 'md') on content-write operations (saveFile, createFile), but two destructive endpoints, deleteFileOrFolder and renameFile, never validate the extension of the source path. A backend user with...

AI score 6
Exploits: 0, References: 3, Affected Software: 1
OSV (added 2026/04/08 7:15 p.m., 3 views)

GHSA-9RXP-F27P-WV3H CI4MS has a Hidden Items Authorization Bypass in Fileeditor Allows Reading Secrets and Writing Protected Files

Summary: The Fileeditor controller defines a hiddenItems array containing security-sensitive paths (.env, composer.json, vendor/, .git/) but only enforces this protection in the listFiles method. The readFile, saveFile, deleteFileOrFolder, renameFile, createFile, and createFolder endpoints perform n...

CVSS 6.7, AI score 6.1, EPSS 0.00025
Exploits: 1, References: 4
CVE (added 2026/04/08 2:28 p.m., 4 views)

CVE-2026-39389

Summary: CVE-2026-39389 affects CI4MS (CodeIgniter 4 CMS skeleton) via a hidden-items authorization bypass in the Fileeditor module. Public docs show that hiddenItems (e.g., .env, composer.json, vendor/, etc.) are enforced only in listing; readFile() allows reading any file under ROOTPATH, and sa...

CVSS 7.2, AI score 5.9, EPSS 0.00025
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment (added 2026/04/08 2:28 p.m., 1 view)

CVE-2026-39389 CI4MS has a Hidden Items Authorization Bypass in Fileeditor Allows Reading Secrets and Writing Protected Files

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, This vulnerability is fixed in 0.31.4.0...

CVSS 6.7, AI score 5.8, EPSS 0.00025
Exploits: 1, References: 1
Cvelist (added 2026/04/08 2:28 p.m., 18 views)

CVE-2026-39389 CI4MS has a Hidden Items Authorization Bypass in Fileeditor Allows Reading Secrets and Writing Protected Files

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, This vulnerability is fixed in 0.31.4.0...

CVSS 6.7, EPSS 0.00025
Exploits: 1, References: 1
RedhatCVE (added 2025/05/22 5:33 p.m., 2 views)

CVE-2020-27385

Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as...

CVSS 8.1, AI score 6.8, EPSS 0.00425
Exploits: 1
CNVD (added 2020/11/16 12:00 a.m., 1 view)

FlexDotnetCMS Access Control Error Vulnerability

FlexDotnetCMS is a flexible, easy-to-use and full-featured ASP.NET content management system (CMS). An access control error vulnerability exists in FileEditor in FlexDotnetCMS versions prior to 1.5.11. A remote authenticated attacker can exploit this vulnerability to read or write existing files...

CVSS 8.1, AI score 6.8, EPSS 0.00425
Exploits: 1, References: 1
OSV (added 2020/11/12 7:15 p.m., 8 views)

CVE-2020-27385

Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as...

CVSS 8.1, AI score 6.7
Exploits: 0, References: 2
NVD (added 2020/11/12 7:15 p.m., 6 views)

CVE-2020-27385

Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as...

CVSS 8.1, AI score 7.9, EPSS 0.00425
Exploits: 1, References: 2
OSV (added 2020/11/12 7:15 p.m., 12 views)

CVE-2020-27386

An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor in v1.5.8...

CVSS 8.8, AI score 7.5
Exploits: 0, References: 4
CVE (added 2020/11/12 6:24 p.m., 38 views)

CVE-2020-27385

FlexDotnetCMS contains an Incorrect Access Control vulnerability in the FileEditor (/Admin/Views/FileEditor/) affecting versions before 1.5.11. An authenticated remote attacker can read and write to existing files outside the web root. The issue is exposed via directory traversal (e.g., ............

CVSS 8.1, AI score 7.8, EPSS 0.00425
Exploits: 1, References: 2, Affected Software: 1
Cvelist (added 2020/11/12 6:24 p.m., 9 views)

CVE-2020-27385

Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as...

AI score 8, EPSS 0.00425
Exploits: 1, References: 2
seebug.org (added 2014/11/18 12:00 a.m., 29 views)

QiboCMS v7 /ewebeditor/ckfinder/plugins/fileeditor/codemirror/contrib/php/js/net.php backdoor

/ewebeditor/ckfinder/plugins/fileeditor/codemirror/contrib/php/js/net.php: <?php error_reporting(7); // set the error message reporting level ob_start(); // open the output buffer; while the buffer is active, no non-header output from the PHP script is sent, it is held in the internal buffer instead. To emit the buffer contents, ob_end_flush() or flush() can be used. $mtime = explode(' ', microtime()); $starttime = $mtime[1] + $mtime[0]; @set_time_limit(0);...

AI score 7.1
Exploits: 0