PT-2020-12129 · Chadha · Chadha Phpkb Standard Multi-Language
Published 2020-03-12 · Updated 2022-10-06 · CVE-2020-10459
CVSS v2.0: 4.0 (Medium)
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Chadha PHPKB Standard Multi-Language version 9
Description
The issue allows attackers to list files stored on the web server by exploiting a Path Traversal vulnerability in the admin/assetmanager/assetmanager.php file, specifically through the inpCurrFolder parameter in a POST request. This is made possible by using a dot-dot-slash sequence (../) to traverse directories.
Recommendations
For Chadha PHPKB Standard Multi-Language version 9, as a temporary workaround, consider restricting access to the admin/assetmanager/assetmanager.php file until a patch is available. Additionally, restrict the values accepted for the inpCurrFolder parameter so that it cannot be used for directory traversal.
Exploit
Fix
Path traversal
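The parameter restriction suggested under Recommendations, as an added example that is not PHPKB's own code: the folder value is normalized lexically, any `..` segment is refused, and the result is canonicalized with realpath and checked to remain under the asset root. The function name, the asset root location and the temporary demonstration directory tree are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not PHPKB's own code. Resolves an "inpCurrFolder"-style
// request parameter to a directory that is guaranteed to lie inside
// $assetRoot, or returns null when the value must be refused.
function resolveAssetFolder(string $assetRoot, string $inpCurrFolder): ?string
{
    // Refuse NUL bytes, backslashes and absolute paths before parsing.
    if (strpbrk($inpCurrFolder, "\0\\") !== false || strncmp($inpCurrFolder, '/', 1) === 0) {
        return null;
    }
    // Lexical pass: drop empty and '.' segments, refuse '..' and unexpected characters.
    $segments = [];
    foreach (explode('/', $inpCurrFolder) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..' || !preg_match('/^[A-Za-z0-9._-]+$/', $segment)) {
            return null;
        }
        $segments[] = $segment;
    }
    $root = realpath($assetRoot);
    if ($root === false) {
        return null;
    }
    $candidate = $segments === [] ? $root : $root . '/' . implode('/', $segments);
    // Filesystem pass: canonicalize so a symlink cannot point outside the root.
    $real = realpath($candidate);
    if ($real === false) {
        return null;
    }
    if ($real !== $root && strncmp($real, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $real;
}

// Demonstration on a constructed directory tree under the system temp dir (assumption).
$demoRoot = sys_get_temp_dir() . '/assetmanager_demo_' . getmypid();
if (!is_dir($demoRoot . '/images')) {
    mkdir($demoRoot . '/images', 0700, true);
}
foreach (['images', 'images/../../etc', '/etc', 'images/./missing'] as $value) {
    $resolved = resolveAssetFolder($demoRoot, $value);
    printf("%-20s => %s\n", $value, $resolved === null ? 'refused' : $resolved);
}
```

Lexical filtering alone would miss symlinks inside the asset root, which is why the realpath prefix check is kept as the final gate.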
Weakness Enumeration
Related Identifiers
Affected Products
Chadha Phpkb Standard Multi-Language