Doramart DoraCMS Path Traversal Vulnerability in v3.0.x

Vulnerability

A path traversal vulnerability has been identified in doramart DoraCMS version 3.0.x. The issue arises in the 'createFileByPath' function within the file '/DoraCMS/server/app/router/api/v1.js'. This vulnerability allows for remote exploitation, where an attacker can manipulate input to traverse the file system and potentially access sensitive files. The vulnerability has been publicly disclosed, and an exploit is available.

Impact

Exploitation of this vulnerability allows for unauthorized file access and exfiltration via the application's cloud storage integration, according to the VulDB entry.

Reproduction

To reproduce this vulnerability, upload a file using the 'catchimage' feature, which will create a readable file on the server. Then, send a POST request to '/api/v1/files/path' with a payload that includes the path of the uploaded file, effectively leveraging the path traversal flaw to access and download the file through the application's CDN.
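A defensive check for a handler that takes a file path from the request body, as in the flow described above. This is an added example, not DoraCMS code or the vendor's fix: UPLOAD_ROOT, resolveUploadPath and isAllowed are hypothetical names, and the directory layout and sample inputs are constructed.

```javascript
// Added example: confine a client-supplied path to one upload directory.
// UPLOAD_ROOT and both function names are hypothetical, not taken from DoraCMS.
const nodePath = require('path');

const UPLOAD_ROOT = '/srv/app/uploads'; // assumed location of uploaded files

function resolveUploadPath(userPath, root = UPLOAD_ROOT) {
  if (typeof userPath !== 'string' || userPath.length === 0) {
    throw new Error('path must be a non-empty string');
  }
  if (userPath.includes('\0')) {
    throw new Error('null byte in path');
  }
  // Treat backslashes as separators so "..\" segments are normalized too.
  const normalized = userPath.replace(/\\/g, '/');
  // resolve() collapses "." and ".." segments; an absolute input replaces the root.
  const base = nodePath.posix.resolve(root);
  const candidate = nodePath.posix.resolve(base, normalized);
  // Compare by path segments. A plain string-prefix test would wrongly accept
  // a sibling directory such as "/srv/app/uploads-evil".
  const rel = nodePath.posix.relative(base, candidate);
  if (rel === '' || rel === '..' || rel.startsWith('../') ||
      nodePath.posix.isAbsolute(rel)) {
    throw new Error('path escapes upload root');
  }
  return candidate;
}

function isAllowed(userPath) {
  try {
    resolveUploadPath(userPath);
    return true;
  } catch (err) {
    return false;
  }
}

// Constructed sample inputs: the first two stay inside the root, the rest do not.
const samples = ['images/a.png', 'images/../a.png', '../../etc/passwd',
  '/etc/passwd', '/srv/app/uploads-evil/x', '..\\..\\etc\\passwd'];
for (const s of samples) {
  console.log(JSON.stringify(s), isAllowed(s) ? 'allowed' : 'rejected');
}
```

The check is lexical only. If the upload directory can contain symbolic links, also compare the result of fs.realpathSync against the real path of the root before opening the file.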

Added: Mar 9, 2026, 3:18 AM
Updated: Mar 9, 2026, 3:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.6
exploitability: 8.0
remediation: 0.0
relevance: 3.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.