> For the complete documentation index, see [llms.txt](https://weed-1.gitbook.io/cve/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://weed-1.gitbook.io/cve/mojoportal/directory-traversal-in-mojoportal-v2.7-cve-2022-40123.md).

# Directory Traversal in mojoPortal v2.7 (CVE-2022-40123)

**Vulnerability Type:** Directory Traversal

**Vendor of Product:** mojoPortal

**Discoverer:** Dat Hoang and Duy Anh of VietSunshine Cyber Security Services

**Affected version:** mojoPortal - 2.7

**Attack Type:** Remote

**Description:** mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system.

**Impact:** read arbitrary files in system

**PoC**

**Example of Vulnerable URL:** /DesignTools/CssEditor.aspx?s=framework\&f=../../../../../web.config

<figure><img src="/files/KcQQc9sz8zYalIyakuQ8" alt=""><figcaption></figcaption></figure>
