CVE-2019-12276

HIGH EXPLOITED NUCLEI

GrandNode 4.40 - Path Traversal

Title source: llm

Description

A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.

Exploits (1)

exploitdb WORKING POC

by Corey Robinson · pythonwebappsmultiple

https://www.exploit-db.com/exploits/47027

View Code ZIP pw:eip

Nuclei Templates (1)

GrandNode 4.40 - Local File Inclusion

HIGHby daffainfo

References (3)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/153373/GrandNode-4.40-Path-Traversal-File-Download.html

[Third Party Advisory] https://github.com/grandnode/grandnode

[Vendor Advisory] https://grandnode.com

Scores

CVSS v3 7.5

EPSS 0.9184

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-11-26

CWE

CWE-22

Status published

Products (1)

grandnode/grandnode 4.40

Published Jun 05, 2019

Tracked Since Feb 18, 2026