CWE-23
Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
CVE-2023-4897 (GCVE-0-2023-4897)
Vulnerability from cvelistv5 – Published: 2023-09-11 20:08 – Updated: 2024-09-26 16:09
VLAI
Title
Relative Path Traversal in mintplex-labs/anything-llm
Summary
Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
Severity
8.7 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mintplex-labs | mintplex-labs/anything-llm |
Affected:
unspecified , < 0.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/0631af48-84a3-4019-85db-f0f8b12cb0ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mintplex-labs/anything-llm/commit/3c88aec034934bcbad30c5ef1cab62cbbdb98e64"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anythingllm",
"vendor": "mintplexlabs",
"versions": [
{
"lessThan": "0.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4897",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T16:07:55.657696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T16:09:37.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mintplex-labs/anything-llm",
"vendor": "mintplex-labs",
"versions": [
{
"lessThan": "0.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T20:08:40.864Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/0631af48-84a3-4019-85db-f0f8b12cb0ab"
},
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/3c88aec034934bcbad30c5ef1cab62cbbdb98e64"
}
],
"source": {
"advisory": "0631af48-84a3-4019-85db-f0f8b12cb0ab",
"discovery": "EXTERNAL"
},
"title": "Relative Path Traversal in mintplex-labs/anything-llm"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4897",
"datePublished": "2023-09-11T20:08:40.864Z",
"dateReserved": "2023-09-11T20:08:27.707Z",
"dateUpdated": "2024-09-26T16:09:37.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4914 (GCVE-0-2023-4914)
Vulnerability from cvelistv5 – Published: 2023-09-12 14:11 – Updated: 2024-09-26 13:43
VLAI
Title
Relative Path Traversal in cecilapp/cecil
Summary
Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1.
Severity
5.8 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| cecilapp | cecilapp/cecil |
Affected:
unspecified , < 7.47.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:52.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/cdd995b2-c983-428b-a73a-827b61b7c06b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cecilapp/cecil/commit/00dc79f10ce723034b7140d79f4ac731d1d902eb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4914",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T13:43:40.949742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T13:43:50.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cecilapp/cecil",
"vendor": "cecilapp",
"versions": [
{
"lessThan": "7.47.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-12T14:11:52.739Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/cdd995b2-c983-428b-a73a-827b61b7c06b"
},
{
"url": "https://github.com/cecilapp/cecil/commit/00dc79f10ce723034b7140d79f4ac731d1d902eb"
}
],
"source": {
"advisory": "cdd995b2-c983-428b-a73a-827b61b7c06b",
"discovery": "EXTERNAL"
},
"title": "Relative Path Traversal in cecilapp/cecil"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4914",
"datePublished": "2023-09-12T14:11:52.739Z",
"dateReserved": "2023-09-12T14:11:46.153Z",
"dateUpdated": "2024-09-26T13:43:50.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49801 (GCVE-0-2023-49801)
Vulnerability from cvelistv5 – Published: 2024-01-12 21:08 – Updated: 2024-11-14 15:36
VLAI
Title
Lif Auth Server vulnerable to uncontrolled data in path expression
Summary
Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn't have access to. This issue has been patched in version 1.4.0.
Severity
4.2 (Medium)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Lif-Platforms/Lif-Auth-Server/… | x_refsource_CONFIRM |
| https://github.com/Lif-Platforms/Lif-Auth-Server/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lif-Platforms | Lif-Auth-Server |
Affected:
>= 1.3.2, < 1.4.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:26.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Lif-Platforms/Lif-Auth-Server/security/advisories/GHSA-3v77-pvqq-qg3f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Lif-Platforms/Lif-Auth-Server/security/advisories/GHSA-3v77-pvqq-qg3f"
},
{
"name": "https://github.com/Lif-Platforms/Lif-Auth-Server/commit/c235bcc2ee65e4a0dfb10284cf2cbc750213efeb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Lif-Platforms/Lif-Auth-Server/commit/c235bcc2ee65e4a0dfb10284cf2cbc750213efeb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T15:34:33.686700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T15:36:05.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Lif-Auth-Server",
"vendor": "Lif-Platforms",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.3.2, \u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn\u0027t have access to. This issue has been patched in version 1.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T21:08:06.057Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Lif-Platforms/Lif-Auth-Server/security/advisories/GHSA-3v77-pvqq-qg3f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Lif-Platforms/Lif-Auth-Server/security/advisories/GHSA-3v77-pvqq-qg3f"
},
{
"name": "https://github.com/Lif-Platforms/Lif-Auth-Server/commit/c235bcc2ee65e4a0dfb10284cf2cbc750213efeb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Lif-Platforms/Lif-Auth-Server/commit/c235bcc2ee65e4a0dfb10284cf2cbc750213efeb"
}
],
"source": {
"advisory": "GHSA-3v77-pvqq-qg3f",
"discovery": "UNKNOWN"
},
"title": "Lif Auth Server vulnerable to uncontrolled data in path expression "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49801",
"datePublished": "2024-01-12T21:08:06.057Z",
"dateReserved": "2023-11-30T13:39:50.864Z",
"dateUpdated": "2024-11-14T15:36:05.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50255 (GCVE-0-2023-50255)
Vulnerability from cvelistv5 – Published: 2023-12-27 16:16 – Updated: 2024-08-02 22:16
VLAI
Title
Zip Path Traversal in Deepin-Compressor
Summary
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.
Severity
9.3 (Critical)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/linuxdeepin/developer-center/s… | x_refsource_CONFIRM |
| https://github.com/linuxdeepin/deepin-compressor/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| linuxdeepin | developer-center |
Affected:
< 5.12.21
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2"
},
{
"name": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "developer-center",
"vendor": "linuxdeepin",
"versions": [
{
"status": "affected",
"version": "\u003c 5.12.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there\u0027s a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-26",
"description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-27T16:16:51.459Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2"
},
{
"name": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6"
}
],
"source": {
"advisory": "GHSA-rw5r-8p9h-3gp2",
"discovery": "UNKNOWN"
},
"title": "Zip Path Traversal in Deepin-Compressor"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50255",
"datePublished": "2023-12-27T16:16:51.459Z",
"dateReserved": "2023-12-05T20:42:59.378Z",
"dateUpdated": "2024-08-02T22:16:46.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5189 (GCVE-0-2023-5189)
Vulnerability from cvelistv5 – Published: 2023-11-14 22:57 – Updated: 2025-11-20 17:30
VLAI
Title
Hub: insecure galaxy-importer tarfile extraction
Summary
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
Severity
6.3 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2023:7773 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:1536 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:2010 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2023-5189 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2234387 | issue-trackingx_refsource_REDHAT |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 |
Unaffected:
0:0.4.18-1.el8ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform:2.4::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 9 |
Unaffected:
0:0.4.18-1.el9ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform:2.4::el9 |
|
| Red Hat | Red Hat Satellite 6.14 for RHEL 8 |
Unaffected:
0:0.4.18-2.el8pc , < *
(rpm)
cpe:/a:redhat:satellite:6.14::el8 cpe:/a:redhat:satellite_capsule:6.14::el8 cpe:/a:redhat:satellite_utils:6.14::el8 |
|
| Red Hat | Red Hat Satellite 6.14 for RHEL 8 |
Unaffected:
0:0.4.18-2.el8pc , < *
(rpm)
cpe:/a:redhat:satellite:6.14::el8 cpe:/a:redhat:satellite_capsule:6.14::el8 cpe:/a:redhat:satellite_utils:6.14::el8 |
|
| Red Hat | Red Hat Satellite 6.15 for RHEL 8 |
Unaffected:
0:0.4.19-2.el8pc , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.15::el8 cpe:/a:redhat:satellite_capsule:6.15::el8 cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_maintenance:6.15::el8 |
|
| Red Hat | Red Hat Satellite 6.15 for RHEL 8 |
Unaffected:
0:0.4.19-2.el8pc , < *
(rpm)
cpe:/a:redhat:satellite_utils:6.15::el8 cpe:/a:redhat:satellite_capsule:6.15::el8 cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_maintenance:6.15::el8 |
Date Public
2023-09-26 05:28
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:7773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7773"
},
{
"name": "RHSA-2024:1536",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
},
{
"name": "RHSA-2024:2010",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2010"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5189"
},
{
"name": "RHBZ#2234387",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5189",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T14:15:00.429640Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:16:10.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9"
],
"defaultStatus": "affected",
"packageName": "python3x-galaxy-importer",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.4.18-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9"
],
"defaultStatus": "affected",
"packageName": "python-galaxy-importer",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.4.18-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.14::el8",
"cpe:/a:redhat:satellite_capsule:6.14::el8",
"cpe:/a:redhat:satellite_utils:6.14::el8"
],
"defaultStatus": "affected",
"packageName": "python-galaxy-importer",
"product": "Red Hat Satellite 6.14 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.4.18-2.el8pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6.14::el8",
"cpe:/a:redhat:satellite_capsule:6.14::el8",
"cpe:/a:redhat:satellite_utils:6.14::el8"
],
"defaultStatus": "affected",
"packageName": "python-galaxy-importer",
"product": "Red Hat Satellite 6.14 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.4.18-2.el8pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite_capsule:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8",
"cpe:/a:redhat:satellite_maintenance:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "python-galaxy-importer",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.4.19-2.el8pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite_capsule:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8",
"cpe:/a:redhat:satellite_maintenance:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "python-galaxy-importer",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.4.19-2.el8pc",
"versionType": "rpm"
}
]
}
],
"datePublic": "2023-09-26T05:28:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T17:30:17.896Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:7773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7773"
},
{
"name": "RHSA-2024:1536",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
},
{
"name": "RHSA-2024:2010",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2010"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5189"
},
{
"name": "RHBZ#2234387",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-23T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-09-26T05:28:00.000Z",
"value": "Made public."
}
],
"title": "Hub: insecure galaxy-importer tarfile extraction",
"x_redhatCweChain": "CWE-23: Relative Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5189",
"datePublished": "2023-11-14T22:57:00.584Z",
"dateReserved": "2023-09-26T05:27:24.004Z",
"dateUpdated": "2025-11-20T17:30:17.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-6307 (GCVE-0-2023-6307)
Vulnerability from cvelistv5 – Published: 2023-11-27 01:00 – Updated: 2024-10-11 18:05
VLAI
Title
jeecgboot JimuReport image path traversal
Summary
A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.246133 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.246133 | signaturepermissions-required |
| https://github.com/N0b1e6/exp/blob/main/README.md | broken-linkexploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| jeecgboot | JimuReport |
Affected:
1.6.0
Affected: 1.6.1 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.246133"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.246133"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://github.com/N0b1e6/exp/blob/main/README.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6307",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:51:38.414824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:05:37.481Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "JimuReport",
"vendor": "jeecgboot",
"versions": [
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "N0b1e6 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In jeecgboot JimuReport bis 1.6.1 wurde eine kritische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /download/image. Durch Manipulieren des Arguments imageUrl mit unbekannten Daten kann eine relative path traversal-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T07:25:08.548Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.246133"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.246133"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/N0b1e6/exp/blob/main/README.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-11-26T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-11-26T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-12-16T17:55:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "jeecgboot JimuReport image path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-6307",
"datePublished": "2023-11-27T01:00:06.877Z",
"dateReserved": "2023-11-26T15:08:14.077Z",
"dateUpdated": "2024-10-11T18:05:37.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6722 (GCVE-0-2023-6722)
Vulnerability from cvelistv5 – Published: 2023-12-13 10:09 – Updated: 2024-08-02 08:35
VLAI
Title
Relative Path Traversal in Repox
Summary
A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files...
Severity
7.5 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
Date Public
2023-12-12 11:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Repox",
"vendor": "Repox",
"versions": [
{
"lessThanOrEqual": "2.3.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "David C\u00e1mara Galindo"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andr\u00e9s Elizalde Galdeano"
}
],
"datePublic": "2023-12-12T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files..."
}
],
"value": "A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files..."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T10:09:02.058Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Relative Path Traversal in Repox",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-6722",
"datePublished": "2023-12-13T10:09:02.058Z",
"dateReserved": "2023-12-12T08:04:47.490Z",
"dateUpdated": "2024-08-02T08:35:14.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6825 (GCVE-0-2023-6825)
Vulnerability from cvelistv5 – Published: 2024-03-13 15:27 – Updated: 2026-04-08 17:09
VLAI
Title
File Manager And File Manager Pro (Multiple Versions) - Directory Traversal
Summary
The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information and to upload files into directories other than the intended directory for file uploads. The free version requires Administrator access for this vulnerability to be exploitable. The Pro version allows a file manager to be embedded via a shortcode and also allows admins to grant file handling privileges to other user levels, which could lead to this vulnerability being exploited by lower-level users.
Severity
9.9 (Critical)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| mndpsingh287 | File Manager |
Affected:
0 , ≤ 7.2.1
(semver)
|
|
| File Manager | File Manager Pro |
Affected:
0 , ≤ 8.3.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93f377a1-2c33-4dd7-8fd6-190d9148e804?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Studio-42/elFinder/blob/master/php/elFinderVolumeDriver.class.php#L6784"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3023403%40wp-file-manager%2Ftrunk\u0026old=2984933%40wp-file-manager%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:file_manager_project:file_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "file_manager",
"vendor": "file_manager_project",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:filemanagerpro:file_manager_pro:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "file_manager_pro",
"vendor": "filemanagerpro",
"versions": [
{
"lessThanOrEqual": "8.3.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T17:49:43.088152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T17:56:15.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "File Manager",
"vendor": "mndpsingh287",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "File Manager Pro",
"vendor": "File Manager",
"versions": [
{
"lessThanOrEqual": "8.3.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tobias Wei\u00dfhaar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information and to upload files into directories other than the intended directory for file uploads. The free version requires Administrator access for this vulnerability to be exploitable. The Pro version allows a file manager to be embedded via a shortcode and also allows admins to grant file handling privileges to other user levels, which could lead to this vulnerability being exploited by lower-level users."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:09:47.671Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93f377a1-2c33-4dd7-8fd6-190d9148e804?source=cve"
},
{
"url": "https://github.com/Studio-42/elFinder/blob/master/php/elFinderVolumeDriver.class.php#L6784"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3023403%40wp-file-manager%2Ftrunk\u0026old=2984933%40wp-file-manager%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-04T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "File Manager And File Manager Pro (Multiple Versions) - Directory Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6825",
"datePublished": "2024-03-13T15:27:05.576Z",
"dateReserved": "2023-12-14T18:54:26.691Z",
"dateUpdated": "2026-04-08T17:09:47.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0335 (GCVE-0-2024-0335)
Vulnerability from cvelistv5 – Published: 2024-04-03 18:53 – Updated: 2024-09-19 17:35
VLAI
Title
Malformed Packet Handling
Summary
ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may
be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)
This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2.
Severity
7.5 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | Symphony Plus S+ Operations |
Affected:
3..0;0 , ≤ 3.3 SP1 RU4
(custom)
Affected: 2.1;0 , ≤ 2.1 SP2 RU3 (custom) Affected: 2.0;0 , ≤ 2.0 SP6 TC6 (custom) |
|
| ABB | Symphony Plus S+ Engineering |
Affected:
2.1 , ≤ 2.3 RU3
(custom)
|
|
| ABB | Symphony Plus S+ Analyst |
Affected:
7.0.0.0 , ≤ 7.2.0.2
(custom)
|
Date Public
2024-04-02 18:30
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:abb:symphony_plus_s\\+_operations:3.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "symphony_plus_s\\+_operations",
"vendor": "abb",
"versions": [
{
"lessThanOrEqual": "3.3_sp1_ru4",
"status": "affected",
"version": "3.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:abb:symphony_plus_s\\+_operations:2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "symphony_plus_s\\+_operations",
"vendor": "abb",
"versions": [
{
"lessThanOrEqual": "2.1_sp2_ru3",
"status": "affected",
"version": "2.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:abb:symphony_plus_s\\+_operations:2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "symphony_plus_s\\+_operations",
"vendor": "abb",
"versions": [
{
"lessThanOrEqual": "2.0_sp6_tc6",
"status": "affected",
"version": "2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:abb:symphony_plus_s\\+_engineering:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "symphony_plus_s\\+_engineering",
"vendor": "abb",
"versions": [
{
"lessThanOrEqual": "2.3_ru3",
"status": "affected",
"version": "2.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:abb:symphony_plus_s\\+_analyst:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "symphony_plus_s\\+_analyst",
"vendor": "abb",
"versions": [
{
"lessThanOrEqual": "7.2.0.2",
"status": "affected",
"version": "7.0.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T14:10:59.134745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T14:31:30.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA002536\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Symphony Plus S+ Operations",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "3.3 SP1 RU4",
"status": "affected",
"version": "3..0;0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.1 SP2 RU3",
"status": "affected",
"version": "2.1;0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.0 SP6 TC6",
"status": "affected",
"version": "2.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Symphony Plus S+ Engineering",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "2.3 RU3",
"status": "affected",
"version": "2.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Symphony Plus S+ Analyst",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "7.2.0.2",
"status": "affected",
"version": "7.0.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-04-02T18:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may \nbe used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)\n\n\u003cbr\u003e\u003cp\u003eThis issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may \nbe used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)\n\n\nThis issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T17:35:29.362Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA002536\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Malformed Packet Handling",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2024-0335",
"datePublished": "2024-04-03T18:53:25.236Z",
"dateReserved": "2024-01-09T09:25:52.692Z",
"dateUpdated": "2024-09-19T17:35:29.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0549 (GCVE-0-2024-0549)
Vulnerability from cvelistv5 – Published: 2024-04-16 00:00 – Updated: 2024-08-01 18:11
VLAI
Title
Relative Path Traversal in mintplex-labs/anything-llm
Summary
mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability.
Severity
8.1 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mintplex-labs | mintplex-labs/anything-llm |
Affected:
unspecified , < 1.0.0
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mintplexlabs:anythingllm:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anythingllm",
"vendor": "mintplexlabs",
"versions": [
{
"lessThan": "1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0549",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T17:08:21.915452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T16:33:03.406Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mintplex-labs/anything-llm",
"vendor": "mintplex-labs",
"versions": [
{
"lessThan": "1.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as \u0027anythingllm.db\u0027. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T11:10:49.469Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72"
},
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62"
}
],
"source": {
"advisory": "fcb4001e-0290-4b78-a2f0-91ee5d20cc72",
"discovery": "EXTERNAL"
},
"title": "Relative Path Traversal in mintplex-labs/anything-llm"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-0549",
"datePublished": "2024-04-16T00:00:14.132Z",
"dateReserved": "2024-01-15T00:30:28.942Z",
"dateUpdated": "2024-08-01T18:11:35.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-5.1
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation ID: MIT-20.1
Phase: Implementation
Strategy: Input Validation
Description:
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
- Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links (CWE-23, CWE-59). This includes:
- realpath() in C
- getCanonicalPath() in Java
- GetFullPath() in ASP.NET
- realpath() or abs_path() in Perl
- realpath() in PHP
Mitigation ID: MIT-29
Phase: Operation
Strategy: Firewall
Description:
- Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-139: Relative Path Traversal
An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.