CVE-2023-27179
Published 2023-04-11
CVE-2023-27179: GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /_admin/imgdownload.php.
Priority: P270 · Severity: high · CVSS 3.1: 7.5 · Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: available · EPSS: 60.79% (99.0th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gdidees | gdidees_cms | <= 3.9.1 | — |
Detection & IOCs (extracted from sources)
- Look for HTTP GET requests to /_admin/imgdownload.php with a 'filename' parameter containing path traversal sequences (e.g., '../') indicating directory traversal exploitation.
- Detect responses with Content-Type 'application/force-download' from /_admin/imgdownload.php, which indicates a file is being served via the vulnerable endpoint.
- Confirm exploitation by checking the response body for the strings '$filename=$_GET["filename"];' and '@readfile($filename) OR die();', indicating the PHP source of the vulnerable file was disclosed.
- No admin session check is present in imgdownload.php, so unauthenticated requests to the endpoint with a filename parameter should be treated as suspicious.
- The vulnerability is unauthenticated: no session validation is enforced before file download, meaning any remote attacker can exploit it without credentials.
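The request-side heuristics above, applied to web-server access logs, as an added example that is not part of this page or of GDidees CMS: the log lines are constructed samples, the `/_admin/imgdownload.php` path and `filename` parameter come from the advisory, and the severity labels are the example's own.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [11/Apr/2023:10:01:02 +0000] "GET /_admin/imgdownload.php?filename=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1432 "-" "curl/7.88.1"
203.0.113.7 - - [11/Apr/2023:10:01:05 +0000] "GET /_admin/imgdownload.php?filename=imgdownload.php HTTP/1.1" 200 512 "-" "curl/7.88.1"
198.51.100.4 - - [11/Apr/2023:10:02:00 +0000] "GET /_admin/imgdownload.php?filename=qrcodes%2Fpage-12.png HTTP/1.1" 200 9021 "https://cms.example/_admin/" "Mozilla/5.0"
198.51.100.4 - - [11/Apr/2023:10:02:10 +0000] "GET /index.php?page=home HTTP/1.1" 200 7311 "-" "Mozilla/5.0"
"""

# Only the fields the rules need: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
VULN_PATH = "/_admin/imgdownload.php"  # endpoint named in the advisory


def classify(line):
    """Return a finding for a request to the vulnerable endpoint, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path.lower() != VULN_PATH:
        return None
    # parse_qs decodes once; a second unquote exposes double-encoded traversal (%252e%252e%252f).
    filename = unquote(parse_qs(parts.query).get("filename", [""])[0])
    if "../" in filename or "..\\" in filename or filename.startswith("/"):
        severity, reason = "high", "path traversal in filename"
    elif filename.lower().endswith(".php"):
        severity, reason = "high", "source disclosure: PHP file requested"
    else:
        # The endpoint performs no session check, so even ordinary-looking hits deserve review.
        severity, reason = "review", "unauthenticated endpoint hit"
    return {"ip": m.group("ip"), "ts": m.group("ts"), "status": int(m.group("status")),
            "filename": filename, "severity": severity, "reason": reason}


def scan(log_text):
    """Run classify() over every line and keep the hits, in log order."""
    return [f for f in map(classify, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['ip']:14} {f['reason']} ({f['filename']!r})")
```

Pair the "review" hits with session or referer data from the application if you have it; the access log alone cannot show whether an admin session existed.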
No detection rules found.
Exploit-DB: GDidees CMS 3.9.1 - Local File Disclosure (exploitdb · 2023-04-20 · CVSS 7.5 · CVE-2023-27179 [HIGH])
---
# Exploit Title: GDidees CMS 3.9.1 - Local File Disclosure
# Date : 03/27/2023
# Exploit Author : Hadi Mene
# Vendor Homepage : https://www.gdidees.eu/
# Software Link : https://www.gdidees.eu/cms-1-0.html
# Version : 3.9.1 and earlier
# Tested on : Debian 11
# CVE : CVE-2023-27179
### Summary:
GDidees CMS v3.9.1 and lower versions were discovered to contain a local file disclosure vulnerability via the filename parameter at /_admin/imgdownload.php.
### Description :
Imgdownload.php is mainly used by the QR code generation module to download a QR code.
The vulnerability occurs in line 4 where the filename parameter which will be opened later is not filtered or sanitized.
Furthermore, there is no admin session check in this code as it sho
Nuclei: GDidees CMS v3.9.1 - Arbitrary File Download (nuclei · CVSS 7.5 · CVE-2023-27179 [HIGH])
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /_admin/imgdownload.php.
Template:
id: CVE-2023-27179
info:
  name: GDidees CMS v3.9.1 - Arbitrary File Download
  author: theamanrawat
  severity: high
  description: |
    GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /_admin/imgdownload.php.
  impact: |
    An attacker can exploit this vulnerability to download arbitrary files from the server.
  remediation: |
    Apply the latest patch or upgrade to a newer version of GDidees CMS.
  reference:
    - https://www.gdidees.eu/cms-1-0.html
    - https://gist.github.com/Hadi999/516aa25b953b0cba57089a0c11b1305b
    - https://nvd.
No writeups or analysis indexed.
References:
- http://packetstormsecurity.com/files/171894/GDidees-CMS-3.9.1-Local-File-Disclosure-Directory-Traversal.html
- https://gist.github.com/Hadi999/516aa25b953b0cba57089a0c11b1305b
- https://knowledge-base.secureflag.com/vulnerabilities/unrestricted_file_download/unrestricted_file_download_vulnerability.html
- https://www.gdidees.eu/cms-1-0.html
- https://packetstorm.news/files/id/171894