CVE-2025-28367

Description

mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey.

PUBLISHED Reserved 2025-03-11 | Published 2025-04-21 | Updated 2025-04-21 | Assigner mitre

References

github.com/i7MEDIA/mojoportal

www.0xlanks.me/blog/cve-2025-28367-advisory/

cve.org (CVE-2025-28367)

nvd.nist.gov (CVE-2025-28367)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.