CVE-2019-8903

EIP tracks 1 public exploit for CVE-2019-8903. PoCs published by Riccardo Krauter, Fabio Cogno, including Metasploit module auxiliary/scanner/http/totaljs_traversal. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability (CVE-2019-8903) in Total.js prior to version 3.2.4. It allows reading arbitrary files by manipulating the URI path with traversal sequences.

index.js in Total.js Platform before 3.2.3 allows path traversal.