CVE-2025-28367 Scanner

CVE-2025-28367 Scanner - Directory Traversal vulnerability in mojoPortal

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 13 days 23 hours
Scan only one: URL
Toolbox: -

The software checked, mojoPortal, is a widely used open-source content management system. Developers and organizations use it to create websites, blogs, and portals, and small to medium-sized enterprises use it to manage content and enhance their online presence. The software is praised for its flexibility and ease of use, allowing customization and integration with various modules. It is used across industries for its cost-effectiveness and extensibility. Its primary goal is to provide a robust platform for managing web content securely and efficiently.

This scanner detects a directory traversal vulnerability in mojoPortal, specifically in versions <=2.9.0.1. Directory traversal is a flaw that allows attackers to access files and directories stored outside the root directory. The vulnerability in mojoPortal is present in the BetterImageGallery API Controller - ImageHandler Action. If exploited, it can lead to unauthorized access to sensitive files such as the Web.Config file. The impact is significant as it can compromise the integrity and confidentiality of the system.

The technical details of the vulnerability involve a flaw in the handling of file path inputs. Specifically, the 'path' parameter in the BetterImageGallery API Controller is vulnerable. Attackers can manipulate this parameter by inserting traversal sequences like "../../../" to access files elsewhere on the server. The endpoint in question is accessed via a GET request, targeting paths that include sensitive files like Web.Config. Successful exploitation is indicated by the presence of "" elements in the response body. The vulnerability allows a direct breach of data security and system exposure.
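For asset owners who want to check their own web server logs for this pattern, the following added example (not part of the scanner or of mojoPortal) flags requests to the BetterImageGallery controller whose 'path' parameter contains traversal segments, including percent-encoded, double-encoded and backslash variants. The log lines and the route shown in them are constructed placeholders; the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined log format). The route
# "/api/BetterImageGallery/imagehandler" is a placeholder, not taken from the page.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /api/BetterImageGallery/imagehandler?path=/Gallery/cat.jpg HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2025:10:00:03 +0000] "GET /api/BetterImageGallery/imagehandler?path=../../../Web.Config HTTP/1.1" 200 8431
203.0.113.9 - - [01/Jan/2025:10:00:04 +0000] "GET /api/BetterImageGallery/imagehandler?path=%252e%252e%255c%252e%252e%255cWeb.Config HTTP/1.1" 404 0
198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /blog/post?path=../x HTTP/1.1" 200 100
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment is '..' once separators are normalised."""
    segments = fully_decode(value).replace("\\", "/").split("/")
    return ".." in segments

def find_traversal_requests(log_text):
    """Return (client, status, decoded path value) for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if "betterimagegallery" not in url.path.lower():
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == "path" and has_traversal(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits

if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

A flagged request that was answered with status 200 deserves review first, since the log alone does not show what the response body contained.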

The exploitation of this directory traversal vulnerability could lead to numerous detrimental effects. An attacker could gain access to sensitive configuration files, which might contain critical information like database credentials or secret keys. This unauthorized access can further facilitate additional attacks such as injecting malicious code or altering site functionality and appearance. The breach of confidentiality could tarnish user trust, lead to data leaks, and result in significant reputational damage. Moreover, the integrity of stored data is compromised, potentially leading to business continuity issues.
