CVE-2022-26159 PoC — Ametys CMS Information Disclosure Vulnerability

Source
Associated Vulnerability
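Title: Ametys CMS Information Disclosure Vulnerability (CVE-2022-26159)
Description: Ametys CMS is used to run large corporate websites, blogs, intranets and extranets on the same server. It is a free, open-source content management system written in Java, from the Ametys community. The Ametys CMS auto-completion plugin has an information disclosure vulnerability: the auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read files.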
Description
Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.
File Snapshot

id: CVE-2022-26159
info:
  name: Ametys CMS Information Disclosure
  author: Remi Gascou (podaliriu ...