Directory Traversal in mojoPortal v2.7 (CVE-2022-40123)

Vulnerability Type: Directory Traversal

Vendor of Product: mojoPortal

Discoverer: Dat Hoang and Duy Anh of VietSunshine Cyber Security Services

Affected version: mojoPortal - 2.7

Attack Type: Remote

Description: mojoPortal v2.7 contains a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. It allows an authenticated attacker to read arbitrary files on the system.

Impact: Read arbitrary files on the system

PoC

Example of Vulnerable URL: /DesignTools/CssEditor.aspx?s=framework&f=../../../../../web.config
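
Detection: the following is an added example, not part of the original advisory or of mojoPortal's code. It scans IIS W3C access logs for requests to /DesignTools/CssEditor.aspx whose "f" parameter leaves the intended directory. The log lines, IP addresses and the encoded variant are constructed test data, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qs, unquote

TARGET_STEM = "/designtools/csseditor.aspx"  # endpoint named in the advisory

def normalise(value, rounds=3):
    """Percent-decode repeatedly (covers double encoding), unify separators."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def is_traversal(value):
    """True for a '..' path segment, a rooted path or a drive-letter path."""
    v = normalise(value)
    if v.startswith("/") or re.match(r"[A-Za-z]:", v):
        return True
    return ".." in v.split("/")

def suspicious_requests(log_lines):
    """Return (client_ip, status, decoded_f) for CssEditor.aspx hits that traverse."""
    cols, hits = [], []
    for line in log_lines:
        if line.startswith("#Fields:"):        # W3C header names the columns
            cols = line.split()[1:]
            continue
        if line.startswith("#") or not cols:
            continue
        rec = dict(zip(cols, line.split()))
        if rec.get("cs-uri-stem", "").lower() != TARGET_STEM:
            continue
        for f in parse_qs(rec.get("cs-uri-query", "")).get("f", []):
            if is_traversal(f):
                hits.append((rec.get("c-ip"), rec.get("sc-status"), normalise(f)))
    return hits

# Constructed sample log (documentation IPs); line 3 only exercises the decoder.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2022-09-01 10:00:01 192.0.2.10 GET /DesignTools/CssEditor.aspx s=framework&f=style.css 200
2022-09-01 10:00:07 192.0.2.44 GET /DesignTools/CssEditor.aspx s=framework&f=../../../../../web.config 200
2022-09-01 10:00:09 192.0.2.44 GET /DesignTools/CssEditor.aspx s=framework&f=%252e%252e%255cweb.config 200
2022-09-01 10:00:12 192.0.2.10 GET /Default.aspx - 200
""".splitlines()

if __name__ == "__main__":
    for ip, status, path in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} f={path}")
```

A hit with status 200 means the server answered the request, so check which file was returned; the advisory's example targets web.config.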