CVEs-PoC/2014/CVE-2014-3975.md

CVE-2014-3975

Description

Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter.

POC

Reference

• http://packetstormsecurity.com/files/126843/AuraCMS-3.0-Cross-Site-Scripting-Local-File-Inclusion.html

Github

No PoCs found on GitHub currently.