newsletter.nextcloud.com: Bypass firewall protection
Unknown
Vulnerability Details
Hi Security team,
I would like to report a vulnerability bypass firewall.
when you are trying to navigate this [link](https://newsletter.nextcloud.com/admin) it needs authentication
but it’s possible to access to admin panel when you add `index.php` after `/admin/`.
`https://newsletter.nextcloud.com/admin/index.php`
P.o.C : video in attachment.
Actions
View on HackerOneReport Stats
- Report ID: 145730
- State: Closed
- Substate: resolved
- Upvotes: 3