Directory Traversal Vulnerability in webtales/rubedo

 

 

Overview

Rubedo is vulnerable to directory traversal in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path.

PoC

URI: domain.com/theme/default/img/%2e%2e/..//etc/passwd

Remediation

The issue is not fixed yet in an official release.
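
With no fixed release available, access logs can be checked for requests shaped like the one in the PoC. The Python below is an added example, not code from Rubedo or from the referenced advisory; it assumes combined-format access logs, and it flags any request under /theme/ whose percent-decoded path contains a ".." segment (browsers resolve dot segments before sending, so one reaching the server is unusual). The function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

THEME_PREFIX = "/theme/"  # route prefix taken from the URI shown in the PoC section
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')


def fully_decode(path, max_rounds=5):
    """Percent-decode until stable, so repeated encoding cannot hide '..'."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def has_parent_segment(raw_path):
    """True if a /theme/ request path holds a '..' segment once decoded."""
    path = fully_decode(raw_path.split("?", 1)[0]).replace("\\", "/")
    if not path.startswith(THEME_PREFIX):
        return False
    return ".." in path.split("/")


def scan(lines):
    """Return (line_number, raw_path) for each flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and has_parent_segment(m.group(1)):
            hits.append((n, m.group(1)))
    return hits


# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /theme/default/img/logo.png HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /theme/default/img/%2e%2e/..//etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.7 - - [01/Jan/2024:10:00:07 +0000] "GET /theme/default/js/app..min.js HTTP/1.1" 200 800',
    '203.0.113.8 - - [01/Jan/2024:10:00:09 +0000] "GET /blog/../archive HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, path in scan(SAMPLE_LOG):
        print(f"line {n}: parent-directory segment in theme path: {path}")
```

The same check can run in a reverse proxy or WAF rule in front of the application to reject such requests before they reach the theme component.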

Reference

https://github.com/maroueneboubakri/CVE/tree/master/rubedo-cms
