CVE-2018-13980 PoC — Zeta Producer Desktop CMS 路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-13980.yaml

Associated Vulnerability

Title:Zeta Producer Desktop CMS 路径遍历漏洞 (CVE-2018-13980)
Description:Zeta Producer Desktop CMS是一套用于构建和管理网站的内容管理系统（CMS）。 Zeta Producer Desktop CMS 14.2.1之前版本所创建的网站中存在路径遍历漏洞。攻击者可借助filebrowser.main.php脚本中的‘file’参数利用该漏洞读取操作系统上的任意文件。

Description

Zeta Producer Desktop CMS before 14.2.1 is vulnerable to local file inclusion if the plugin "filebrowser" is installed because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal.

File Snapshot


 id: CVE-2018-13980

info:
  name: Zeta Producer Desktop CMS <14.2.1 - Local File Inclusion
  author:

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!