Skip to content

Critical LFI Vulnerability Reported in Hashnode Blogging Platform

Researchers have disclosed a previously undocumented local file inclusion (LFI) vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server’s IP address, and other network information.
“The LFI originates in a Bulk Markdown Import feature that can be manipulated to provide attackers with unimpeded ability to download

Source:: The Hackers News