Arbitrary File Read Vulnerability in MIK.starlight 7.9.5.24363
CVE-2021-36233 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.
Learn more about our Web Application Penetration Testing UK.