CVE-2014-2069
HIGHEshtery CMS - Path Traversal via File Parameter in FileManager.aspx
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2014-2069. PoCs published by peng.deng.
AI-analyzed exploit summary The provided text describes a local file disclosure vulnerability in eshtery CMS due to inadequate input validation. The example URL demonstrates how an attacker can read arbitrary local files by manipulating the 'file' parameter in FileManager.aspx.
Description
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.
Exploits (1)
The provided text describes a local file disclosure vulnerability in eshtery CMS due to inadequate input validation. The example URL demonstrates how an attacker can read arbitrary local files by manipulating the 'file' parameter in FileManager.aspx.
References (3)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N