Description
Acunetix uploaded a ZIP file containing a symlink to /etc/passwd. It appears that the web application processed this file and returned the contents of /etc/passwd in the response.
Remediation
The web application should filter out symlinks contained in ZIP files.
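One way to implement this filter, shown as an added example that is not Acunetix's code or the code of any particular application. The function names and the in-memory sample archive are constructed for illustration, and the check assumes the archive stores the Unix file mode in the high 16 bits of each entry's external attributes:

```python
import io
import stat
import zipfile


class SymlinkInArchive(Exception):
    """Raised when an uploaded archive contains a symbolic-link entry."""


def entry_is_symlink(info: zipfile.ZipInfo) -> bool:
    # Unix-made archives keep the file mode in the high 16 bits of external_attr.
    return stat.S_ISLNK(info.external_attr >> 16)


def symlink_entries(zip_bytes: bytes) -> list[str]:
    """Return the names of all symlink entries without extracting anything."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist() if entry_is_symlink(i)]


def read_regular_files(zip_bytes: bytes) -> dict[str, bytes]:
    """Read member contents in memory; refuse the whole archive on any symlink."""
    bad = symlink_entries(zip_bytes)
    if bad:
        raise SymlinkInArchive(f"rejected archive, symlink entries: {bad}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: zf.read(i) for i in zf.infolist() if not i.is_dir()}


def constructed_zip(with_symlink: bool) -> bytes:
    """Constructed sample upload, built in memory for this demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", b"hello")
        if with_symlink:
            link = zipfile.ZipInfo("link.txt")
            link.create_system = 3  # entry marked as created on Unix
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            # A symlink entry stores its target path as the entry body.
            zf.writestr(link, b"constructed-target.txt")
    return buf.getvalue()


if __name__ == "__main__":
    print(symlink_entries(constructed_zip(with_symlink=True)))
    print(read_regular_files(constructed_zip(with_symlink=False)))
```

Rejecting the whole archive, rather than silently skipping the symlink entry, also leaves a clear event to log and alert on.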
Related Vulnerabilities
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7484)
WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Download (1.0.5)
WordPress Plugin Bliss Gallery 'upload.php' Arbitrary File Upload (2.1)
WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Arbitrary File Upload (2.0)