.. / CVE-2018-12054

Exploit for Schools Alert Management Script - Arbitrary File Read (CVE-2018-12054)

Description:

Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal.

Nuclei Template

View the template here CVE-2018-12054.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-12054.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-12054
https://github.com/unh3x/just4cve/issues/4
https://github.com/ARPSyndicate/kenzer-templates
https://www.exploit-db.com/exploits/44874
https://www.exploit-db.com/exploits/44874/