
Exploit for Zeta Producer Desktop CMS <14.2.1 - Local File Inclusion (CVE-2018-13980)

Description:

Zeta Producer Desktop CMS before 14.2.1 is vulnerable to local file inclusion when the “filebrowser” plugin is installed, because the file parameter of assets/php/filebrowser/filebrowser.main.php (?file=../) allows directory traversal.

Nuclei Template

View the template here: CVE-2018-13980.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-13980.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-13980
https://github.com/ARPSyndicate/kenzer-templates
https://www.exploit-db.com/exploits/45016
https://www.sec-consult.com/en/blog/advisories/remote-code-execution-local-file-disclosure-zeta-producer-desktop-cms/
http://packetstormsecurity.com/files/148537/Zeta-Producer-Desktop-CMS-14.2.0-Code-Execution-File-Disclosure.html