PT-2018-6849 · Google · Rendertron

Published

2018-12-17

Updated

2019-01-04

CVE-2017-18354

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Rendertron version 1.0.0

Description: The issue allows for the use of alternative protocols, such as file://, which introduces a Local File Inclusion bug. This enables a remote attacker to read arbitrary files.

Recommendations: For Rendertron version 1.0.0, consider disabling the use of alternative protocols, such as file://, to prevent exploitation of the Local File Inclusion bug until a patch is available. Restrict access to sensitive files and directories to minimize the risk of arbitrary file reading.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2017-18354

GHSA-J87C-CJ65-VMH5

Affected Products

Rendertron

PT-2018-6849 · Google · Rendertron

CVE-2017-18354

Weakness Enumeration

Related Identifiers

Affected Products

References · 8