Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2018-7669

Published: 27/04/2018 Updated: 11/08/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 785
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Subscribe to Sitecore

Vulnerability Summary

An issue exists in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an malicious user to access arbitrary files from the host Operating System using a sitecore/shell/default.aspx?xmlcontrol=LogViewerDetails&file= URI. Validation is performed to ensure that the text passed to the 'file' parameter correlates to the correct log file directory. This filter can be bypassed by including a valid log filename and then appending a traditional 'dot dot' style attack.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sitecore sitecore.net 8.1

sitecore sitecore.net

Exploits

Exploit DB: Sitecore.Net 8.1 - Directory Traversal
# Exploit Title: SitecoreNet 81 - Directory Traversal # Date: 2018-04-23 # CVE: CVE-2018-7669 # Researcher: Chris Moberly at The Missing Link Security # Vendor: Sitecore # Version: CMS - 81 and up (earlier versions untested) # Authentication required: Yes # An issue was discovered in Sitecore CMS that affects at least # 'SitecoreNET 81' rev ...
Exploit DB: Sitecore.NET 8.1 Directory Traversal
SitecoreNET version 81 suffers from a directory traversal vulnerability ...

Github Repositories

https://github.com/palaziv/CVE-2018-7669

Quick and dirty bruteforcer for CVE-2018-7669 (Directory Traversal Vulnerability in Sitecore)

CVE-2018-7669 Quick and dirty bruteforcer for CVE-2018-7669 (Directory Traversal Vulnerability in Sitecore) Usage: /bruteforcepy targetcom PotentialWebsiteName1 PotentialWebsiteName2 127001:8080

References

CWE-22https://kb.sitecore.net/articles/356221http://seclists.org/fulldisclosure/2018/Apr/47https://www.exploit-db.com/exploits/45152/https://nvd.nist.govhttps://github.com/palaziv/CVE-2018-7669https://www.exploit-db.com/exploits/45152/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028memory leaklog injectionCVE-2024-3400CVE-2022-48695CVE-2022-48675CVE-2024-34487CVE-2024-33792spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook