Arbitrary File Read Vulnerability in MIK.starlight 7.9.5.24363

CVE-2021-36233 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.
