CVE-2025-28367
21.04.2025, 16:15
mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey.Enginsight
Vendor | Product | Version |
---|---|---|
mojoportal | mojoportal | 𝑥 ≤ 2.9.1.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration