PT-2017-11924 · Tilde · Tilde Cms
Published
2017-07-24
·
Updated
2017-07-31
·
CVE-2017-11325
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Tilde CMS version 1.0.1
Description
An issue in Tilde CMS allows arbitrary files to be read via a file=../ attack on the "actionphp/download.File.php" endpoint.
Recommendations
For Tilde CMS version 1.0.1, consider restricting access to the "actionphp/download.File.php" endpoint until a patch is available. As a temporary workaround, avoid using the
file parameter in the affected endpoint to minimize the risk of exploitation.Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tilde Cms