Total.js CMS Path Traversal
High severity
GitHub Reviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Jul 17, 2023
Description
Published by the National Vulnerability Database
Sep 5, 2019
Published to the GitHub Advisory Database
May 24, 2022
Reviewed
Jul 17, 2023
Last updated
Jul 17, 2023
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed. Thus, if a user can control the content of a .html file, then they can inject a payload with a malicious template directive to gain Remote Command Execution. The exploit will work only with the .html extension.
References