Published: 05/06/2019 Updated: 24/06/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated malicious users to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.

Vulnerable Product	Search on Vulmon	Subscribe to Product
grandnode grandnode 4.40

# Exploit Title: GrandNode Path Traversal & Arbitrary File Download (Unauthenticated) # Date: 06/23/3019 # Exploit Author: Corey Robinson (twittercom/CRobSec) # Vendor Homepage: grandnodecom/ # Software Link: githubcom/grandnode/grandnode/archive/728ca1ea2f61aead7c8c443407096b0ef476e49ezip # Version: <= v440 (bef ...

GrandNode versions 440 and below suffer from arbitrary file download and path traversal vulnerabilities ...

毕设

graduation-project 仓库说明：毕业设计。 markdown分为六章，完整资料包括代码已存网盘。 Ⅰ 题目 Ⅱ 开题：开题答辩内容+初期理论补充 Ⅲ 中期：开题答辩内容+中期理论补充 Ⅳ 结项：结项答辩内容 Ⅴ 实验及结果 Ⅵ 场景设计总结场景报告 Ⅶ 指导总结 Ⅷ 同学的毕设 Ⅰ 题目：Linux 威�

CWE-22 https://grandnode.com https://github.com/grandnode/grandnode http://packetstormsecurity.com/files/153373/GrandNode-4.40-Path-Traversal-File-Download.html https://nvd.nist.gov https://github.com/Calistamu/graduation-project https://www.exploit-db.com/exploits/47027

CVE-2019-12276

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect