Security Advisory

CVE-2025-28367

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-04-21 00:00:00

Last updated 2025-04-21 15:58:19

Assigner mitre

State PUBLISHED

Description

mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey.

← Browse all CVEs View on cve.org ↗