Directory Traversal in mojoPortal v2.7 (CVE-2022-40123)

Vulnerability Type: Directory Traversal

Vendor of Product: mojoPortal

Discoverer: Dat Hoang and Duy Anh of VietSunshine Cyber Security Services

Affected version: mojoPortal - 2.7

Attack Type: Remote

Description: mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files on the system.

Impact: Read arbitrary files on the system

PoC

Example of Vulnerable URL: /DesignTools/CssEditor.aspx?s=framework&f=../../../../../web.config
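
Detection (added example, not part of the original advisory or of mojoPortal): the Python below scans IIS W3C access logs for requests to /DesignTools/CssEditor.aspx whose "f" value contains a parent-directory segment after URL decoding. The log excerpt, its field layout, the user names and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

ENDPOINT = "/designtools/csseditor.aspx"  # compared case-insensitively
PARAM = "f"                               # parameter named in the advisory

# Constructed IIS W3C log excerpt (documentation IP ranges, made-up users).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2022-09-01 10:00:01 GET /DesignTools/CssEditor.aspx s=framework&f=style.css admin 192.0.2.10 200
2022-09-01 10:00:05 GET /DesignTools/CssEditor.aspx s=framework&f=../../../../../web.config editor1 192.0.2.44 200
2022-09-01 10:00:09 GET /designtools/csseditor.aspx s=framework&F=%2e%2e%2f%2e%2e%2fweb.config editor1 192.0.2.44 200
2022-09-01 10:00:20 GET /Default.aspx f=../x - 192.0.2.50 200
"""

def has_parent_segment(value):
    """True if value contains a '..' path segment once fully percent-decoded."""
    for _ in range(3):  # bounded loop: undo nested percent-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return ".." in re.split(r"[\\/]", value)

def find_suspicious(log_text):
    """Return (client_ip, username, status, f_value) for each flagged request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != ENDPOINT:
            continue
        # parse_qsl performs the first round of percent-decoding.
        query = row.get("cs-uri-query", "")
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key.lower() == PARAM and has_parent_segment(value):
                hits.append((row.get("c-ip"), row.get("cs-username"),
                             row.get("sc-status"), value))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

Because the issue requires authentication, the cs-username column identifies which account issued each flagged request.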
