Webgrind fileviewer.phtml arbitrary file read vulnerability (CVE-2018-12909)
Vulnerability Description
Webgrind is a set of PHP execution time analysis tools.
Affected Versions
Webgrind <= 1.5
Network asset search query
app="Webgrind"
Vulnerability Reproduction
Main page
Request dispatch in index.php
When the op parameter is fileviewer, index.php passes the request on to the file templates/fileviewer.phtml.
fileviewer.phtml receives the file parameter and displays the named file on the page through the function highlight_file.
PoC to verify:
/index.php?op=fileviewer&file=/etc/passwd
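The pattern described above, modelled in a few lines next to a hardened form that canonicalises the path and only renders PHP source under an allow-listed root. This is an added example, not Webgrind's own code or its upstream fix; the function names, the allowed roots and the extension list are assumptions.

```php
<?php
// Simplified model of the flaw and a hardened replacement (added example).
// Not Webgrind's source: function names, roots and extensions are assumptions.

// Vulnerable pattern: the request's `file` value reaches highlight_file() unchecked.
function view_file_unsafe(string $file)
{
    return highlight_file($file, true);
}

// Hardened: canonicalise, then require a regular PHP source file that sits
// under one of the allow-listed source roots.
function view_file_safe(string $file, array $allowedRoots): ?string
{
    $real = realpath($file); // resolves ../ and symlinks; false if the path is missing
    if ($real === false || !is_file($real)) {
        return null;
    }
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    if (!in_array($ext, ['php', 'phtml', 'inc'], true)) {
        return null;
    }
    foreach ($allowedRoots as $root) {
        $rootReal = realpath($root);
        if ($rootReal === false) {
            continue;
        }
        // Trailing separator so /srv/app does not also match /srv/app-old.
        $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($real, $prefix, strlen($prefix)) === 0) {
            $html = highlight_file($real, true);
            return $html === false ? null : $html;
        }
    }
    return null;
}

// Constructed demo: a temporary source root holding one PHP file.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'wg_demo_' . getmypid();
mkdir($root);
file_put_contents($root . '/a.php', "<?php echo 1;\n");
foreach ([$root . '/a.php', '/etc/passwd', $root . '/../../etc/passwd'] as $path) {
    $shown = view_file_safe($path, [$root]) !== null;
    echo $path, ' => ', $shown ? 'rendered' : 'refused', PHP_EOL;
}
unlink($root . '/a.php');
rmdir($root);
```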
This post is licensed under CC BY 4.0 by the author.