PT-2018-14739 · Kindeditor · Kindeditor
Eddietcc
·
Published
2018-11-05
·
Updated
2018-12-10
·
CVE-2018-18950
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
KindEditor versions prior to 4.1.12
Description
The issue allows unauthorized access to files or directories within the kindeditor/attached/ folder via the
path parameter in php/upload json.php, without requiring authentication.Recommendations
For versions prior to 4.1.12, update to version 4.1.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the php/upload json.php file to minimize the risk of exploitation.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kindeditor