CVE-2023-27179 Scanner
Detects 'Arbitrary File Download' vulnerability in GDidees CMS affects v. 3.9.1 and lower.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Scan only one
Url
Toolbox
-
GDidees CMS is a user-friendly content management system, widely used by web developers and organizations for creating and managing website content. It provides an easy-to-use interface for web designers and non-technical professionals to create, manage and publish web content with ease. With an extensive range of features, GDidees CMS enables users to create customized websites that meet their individual requirements. It is a popular choice for e-commerce businesses, government agencies, and educational institutions.
One of the vulnerabilities that was detected in earlier versions of GDidees CMS is the arbitrary file download vulnerability - CVE-2023-27179. This vulnerability allows attackers to access sensitive files on the website and steal valuable data. The vulnerability is caused by insufficient input validation in the filename parameter of the imgdownload.php function in the admin interface of the CMS. This vulnerability can lead to severe consequences, as attackers can gain access to confidential data of the organization, such as user credentials, financial data, and other sensitive information.
Exploitation of this vulnerability can lead to serious security problems, including identity theft, financial fraud, and loss of reputation. Attackers can take advantage of this vulnerability to upload malicious files, execute arbitrary code, and even take control of the website. Such attacks can result in extensive damage to the organization, including financial loss, legal and regulatory penalties, and loss of customer trust.
By using securityforeveryone.com platform's pro features, users can quickly and easily identify vulnerabilities in their digital assets. With our powerful and user-friendly scanning tools, users can detect and address security vulnerabilities, effectively minimizing the risk of cyber attacks. Our platform provides real-time insights and recommendations to help users maintain a strong defensive posture against cyber threats. Join our community today and protect your digital assets from potential cyber attacks.
REFERENCES
- http://packetstormsecurity.com/files/171894/GDidees-CMS-3.9.1-Local-File-Disclosure-Directory-Traversal.html
- https://gist.github.com/Hadi999/516aa25b953b0cba57089a0c11b1305b
- https://knowledge-base.secureflag.com/vulnerabilities/unrestricted_file_download/unrestricted_file_download_vulnerability.html
- https://www.gdidees.eu/cms-1-0.html
control security posture