Grandnode Path Traversal Arbitrary file download vulnerability

Summary: A path traversal vulnerability has been reported in Grandnode. LetsEncryptController.cs in the Index action method is the vulnerable component., via which the server access the token validation URL, without authentication. Description: Grandnode is an open-source eCommerce solution powered by .NET Core 2.2, supporting Windows, Linux and Mac operating systems. LetsEncryptController.cs method is used in … Continue reading “Grandnode Path Traversal Arbitrary file download vulnerability”