Butor Portal is vulnerable to path traversal. Lack of validation of the user-provided path in the theme `t` parameter of the `/wl` endpoint allows an attacker to inject the substring `../../...` (as in `/wl?t=../../...&h=`) followed by a filename to gain access to that file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | butor portal webapp | le | 1.0.13 |
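As an added example, not Butor Portal's own code, the following resolver shows the two checks that stop the traversal pattern described above: the theme parameter is treated as an identifier rather than a path, and the resolved file must still lie under the theme directory after symlinks are followed. Class, method, directory and file names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Hypothetical resolver for theme assets named by request parameters. */
public final class ThemeFileResolver {
    private static final String NAME = "[A-Za-z0-9_-]{1,64}";
    private static final String FILE = "[A-Za-z0-9_-]{1,64}(\\.[A-Za-z0-9]{1,8})?";
    private final Path themeRoot;

    public ThemeFileResolver(Path themeRoot) throws IOException {
        // Canonicalize the root once so a symlink cannot move the boundary later.
        this.themeRoot = themeRoot.toRealPath();
    }

    /** Returns the file to serve, or null when the request must be refused. */
    public Path resolve(String theme, String file) throws IOException {
        // Layer 1: the "t" parameter is an identifier, never a path, so a value
        // like "../../..." (the CVE-2019-13343 pattern) is rejected before any I/O.
        if (theme == null || !theme.matches(NAME) || file == null || !file.matches(FILE)) {
            return null;
        }
        Path candidate = themeRoot.resolve(theme).resolve(file);
        if (!Files.isRegularFile(candidate)) {
            return null;
        }
        // Layer 2: after following symlinks, the target must still be under the root.
        Path real = candidate.toRealPath();
        return real.startsWith(themeRoot) ? real : null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed fixture: a temporary theme directory holding one stylesheet.
        Path root = Files.createTempDirectory("themes");
        Files.createDirectories(root.resolve("default"));
        Files.writeString(root.resolve("default").resolve("style.css"), "body{}");
        ThemeFileResolver r = new ThemeFileResolver(root);
        System.out.println(r.resolve("default", "style.css"));            // path: served
        System.out.println(r.resolve("../../etc", "passwd"));             // null: rejected
        System.out.println(r.resolve("default", "../default/style.css")); // null: rejected
    }
}
```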
bitbucket.org/account/user/butor-team/projects/PROJ
bitbucket.org/butor-team/portal/commits/all
bitbucket.org/butor-team/portal/commits/cd7055d33e194fcf530100ee1d8d13aa9cde230b
bitbucket.org/butor-team/portal/src/cd7055d33e194fcf530100ee1d8d13aa9cde230b/src/main/java/com/butor/portal/web/servlet/WhiteLabelingServlet.java?at=master
www.gosecure.net/blog/2019/09/30/butor-portal-arbitrary-file-download-vulnerability-cve-2019-13343