vendor:
Bludit
by:
Antonio Cuomo (arkantolo)
N/A
CVSS
HIGH
Arbitrary File Download
22
CWE
Product Name: Bludit
Affected Version From: Bludit version < 3.13.1
Affected Version To: Bludit version 3.13.1
Patch Exists: YES
Related CWE:
CPE: a:bludit:bludit
Platforms Tested: Debian 10 - PHP Version: 7.3.14
2022
Bludit < 3.13.1 Backup Plugin - Arbitrary File Download (Authenticated)
This exploit allows an authenticated attacker to download arbitrary files from the server. The vulnerability exists in the Backup Plugin of Bludit version < 3.13.1.
Mitigation:
Update Bludit to version 3.13.1 or newer.