CWE-24
Path Traversal: '../filedir'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.
CVE-2023-20167 (GCVE-0-2023-20167)
Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2024-10-28 16:29
VLAI
Title
Cisco Identity Services Engine Path Traversal Vulnerabilities
Summary
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Severity
6 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://sec.cloudapps.cisco.com/security/center/c… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Affected:
n/a
|
Date Public
2023-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230517 Cisco Identity Services Engine Path Traversal Vulnerabilities",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20167",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:18:54.944928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:29:21.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230517 Cisco Identity Services Engine Path Traversal Vulnerabilities",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu"
}
],
"source": {
"advisory": "cisco-sa-ise-traversal-ZTUgMYhu",
"defect": [
[
"CSCwd07350",
"CSCwe17953"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Identity Services Engine Path Traversal Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20167",
"datePublished": "2023-05-18T00:00:00.000Z",
"dateReserved": "2022-10-27T00:00:00.000Z",
"dateUpdated": "2024-10-28T16:29:21.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3056 (GCVE-0-2023-3056)
Vulnerability from cvelistv5 – Published: 2023-06-02 12:00 – Updated: 2025-01-08 18:05
VLAI
Title
YFCMF index.php path traversal
Summary
A vulnerability was found in YFCMF up to 3.0.4. It has been declared as problematic. This vulnerability affects unknown code of the file index.php. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230542 is the identifier assigned to this vulnerability.
Severity
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.230542 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.230542 | signaturepermissions-required |
| https://github.com/HuBenLab/HuBenVulList/blob/mai… | broken-linkexploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.230542"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.230542"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/YFCMF-TP6-3.0.4%20has%20a%20Remote%20Command%20Execution%20(RCE)%20vulnerability%201.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T18:05:23.080026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T18:05:31.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "YFCMF",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "3.0.3"
},
{
"status": "affected",
"version": "3.0.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "p0ison (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in YFCMF up to 3.0.4. It has been declared as problematic. This vulnerability affects unknown code of the file index.php. The manipulation leads to path traversal: \u0027../filedir\u0027. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230542 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In YFCMF bis 3.0.4 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei index.php. Durch Manipulation mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T07:33:45.276Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.230542"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.230542"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/YFCMF-TP6-3.0.4%20has%20a%20Remote%20Command%20Execution%20(RCE)%20vulnerability%201.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-06-02T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-06-02T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-06-29T10:05:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "YFCMF index.php path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3056",
"datePublished": "2023-06-02T12:00:04.473Z",
"dateReserved": "2023-06-02T11:27:19.579Z",
"dateUpdated": "2025-01-08T18:05:31.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3057 (GCVE-0-2023-3057)
Vulnerability from cvelistv5 – Published: 2023-06-02 12:31 – Updated: 2024-08-02 06:41
VLAI
Title
YFCMF Ajax.php path traversal
Summary
A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230543.
Severity
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.230543 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.230543 | signaturepermissions-required |
| https://github.com/HuBenLab/HuBenVulList/blob/mai… | broken-linkexploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.230543"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.230543"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/YFCMF-TP6-3.0.4%20has%20a%20Remote%20Command%20Execution%20(RCE)%20vulnerability%202.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "YFCMF",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "3.0.3"
},
{
"status": "affected",
"version": "3.0.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "p0ison (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: \u0027../filedir\u0027. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230543."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in YFCMF bis 3.0.4 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei app/admin/controller/Ajax.php. Mittels dem Manipulieren des Arguments controllername mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T07:35:39.978Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.230543"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.230543"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/YFCMF-TP6-3.0.4%20has%20a%20Remote%20Command%20Execution%20(RCE)%20vulnerability%202.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-06-02T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-06-02T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-06-29T10:21:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "YFCMF Ajax.php path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3057",
"datePublished": "2023-06-02T12:31:03.252Z",
"dateReserved": "2023-06-02T11:27:21.701Z",
"dateUpdated": "2024-08-02T06:41:04.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3098 (GCVE-0-2023-3098)
Vulnerability from cvelistv5 – Published: 2023-06-05 06:31 – Updated: 2024-08-02 06:48
VLAI
Title
KylinSoft youker-assistant restore_all_sound_file path traversal
Summary
A vulnerability classified as critical has been found in KylinSoft youker-assistant on KylinOS. Affected is the function restore_all_sound_file. The manipulation leads to path traversal: '../filedir'. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230688. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
4.4 (Medium)
4.4 (Medium)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.230688 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.230688 | signaturepermissions-required |
| https://github.com/i900008/vulndb/blob/main/kylin… | broken-linkexploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| KylinSoft | youker-assistant |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:07.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.230688"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.230688"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://github.com/i900008/vulndb/blob/main/kylinos_vul3.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "youker-assistant",
"vendor": "KylinSoft",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Set3r.Pan (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in KylinSoft youker-assistant on KylinOS. Affected is the function restore_all_sound_file. The manipulation leads to path traversal: \u0027../filedir\u0027. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230688. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in KylinSoft youker-assistant f\u00fcr KylinOS entdeckt. Dabei betrifft es die Funktion restore_all_sound_file. Durch das Manipulieren mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.0.2-0kylin6k70-23 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.2,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T07:35:03.945Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.230688"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.230688"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/i900008/vulndb/blob/main/kylinos_vul3.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-06-05T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-06-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-06-30T08:32:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "KylinSoft youker-assistant restore_all_sound_file path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3098",
"datePublished": "2023-06-05T06:31:03.614Z",
"dateReserved": "2023-06-05T05:07:52.876Z",
"dateUpdated": "2024-08-02T06:48:07.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3239 (GCVE-0-2023-3239)
Vulnerability from cvelistv5 – Published: 2023-06-14 08:31 – Updated: 2024-08-02 06:48
VLAI
Title
OTCMS path traversal
Summary
A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-231510 is the identifier assigned to this vulnerability.
Severity
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.231510 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.231510 | signaturepermissions-required |
| https://github.com/HuBenLab/HuBenVulList/blob/mai… | broken-linkexploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OTCMS |
Affected:
6.0
Affected: 6.1 Affected: 6.2 Affected: 6.3 Affected: 6.4 Affected: 6.5 Affected: 6.6 Affected: 6.7 Affected: 6.8 Affected: 6.9 Affected: 6.10 Affected: 6.11 Affected: 6.12 Affected: 6.13 Affected: 6.14 Affected: 6.15 Affected: 6.16 Affected: 6.17 Affected: 6.18 Affected: 6.19 Affected: 6.20 Affected: 6.21 Affected: 6.22 Affected: 6.23 Affected: 6.24 Affected: 6.25 Affected: 6.26 Affected: 6.27 Affected: 6.28 Affected: 6.29 Affected: 6.30 Affected: 6.31 Affected: 6.32 Affected: 6.33 Affected: 6.34 Affected: 6.35 Affected: 6.36 Affected: 6.37 Affected: 6.38 Affected: 6.39 Affected: 6.40 Affected: 6.41 Affected: 6.42 Affected: 6.43 Affected: 6.44 Affected: 6.45 Affected: 6.46 Affected: 6.47 Affected: 6.48 Affected: 6.49 Affected: 6.50 Affected: 6.51 Affected: 6.52 Affected: 6.53 Affected: 6.54 Affected: 6.55 Affected: 6.56 Affected: 6.57 Affected: 6.58 Affected: 6.59 Affected: 6.60 Affected: 6.61 Affected: 6.62 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.231510"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.231510"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20obtain%20the%20web%20directory%20path%20and%20other%20information%20leaked%20.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OTCMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "6.5"
},
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7"
},
{
"status": "affected",
"version": "6.8"
},
{
"status": "affected",
"version": "6.9"
},
{
"status": "affected",
"version": "6.10"
},
{
"status": "affected",
"version": "6.11"
},
{
"status": "affected",
"version": "6.12"
},
{
"status": "affected",
"version": "6.13"
},
{
"status": "affected",
"version": "6.14"
},
{
"status": "affected",
"version": "6.15"
},
{
"status": "affected",
"version": "6.16"
},
{
"status": "affected",
"version": "6.17"
},
{
"status": "affected",
"version": "6.18"
},
{
"status": "affected",
"version": "6.19"
},
{
"status": "affected",
"version": "6.20"
},
{
"status": "affected",
"version": "6.21"
},
{
"status": "affected",
"version": "6.22"
},
{
"status": "affected",
"version": "6.23"
},
{
"status": "affected",
"version": "6.24"
},
{
"status": "affected",
"version": "6.25"
},
{
"status": "affected",
"version": "6.26"
},
{
"status": "affected",
"version": "6.27"
},
{
"status": "affected",
"version": "6.28"
},
{
"status": "affected",
"version": "6.29"
},
{
"status": "affected",
"version": "6.30"
},
{
"status": "affected",
"version": "6.31"
},
{
"status": "affected",
"version": "6.32"
},
{
"status": "affected",
"version": "6.33"
},
{
"status": "affected",
"version": "6.34"
},
{
"status": "affected",
"version": "6.35"
},
{
"status": "affected",
"version": "6.36"
},
{
"status": "affected",
"version": "6.37"
},
{
"status": "affected",
"version": "6.38"
},
{
"status": "affected",
"version": "6.39"
},
{
"status": "affected",
"version": "6.40"
},
{
"status": "affected",
"version": "6.41"
},
{
"status": "affected",
"version": "6.42"
},
{
"status": "affected",
"version": "6.43"
},
{
"status": "affected",
"version": "6.44"
},
{
"status": "affected",
"version": "6.45"
},
{
"status": "affected",
"version": "6.46"
},
{
"status": "affected",
"version": "6.47"
},
{
"status": "affected",
"version": "6.48"
},
{
"status": "affected",
"version": "6.49"
},
{
"status": "affected",
"version": "6.50"
},
{
"status": "affected",
"version": "6.51"
},
{
"status": "affected",
"version": "6.52"
},
{
"status": "affected",
"version": "6.53"
},
{
"status": "affected",
"version": "6.54"
},
{
"status": "affected",
"version": "6.55"
},
{
"status": "affected",
"version": "6.56"
},
{
"status": "affected",
"version": "6.57"
},
{
"status": "affected",
"version": "6.58"
},
{
"status": "affected",
"version": "6.59"
},
{
"status": "affected",
"version": "6.60"
},
{
"status": "affected",
"version": "6.61"
},
{
"status": "affected",
"version": "6.62"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "p0ison (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: \u0027../filedir\u0027. The exploit has been disclosed to the public and may be used. VDB-231510 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in OTCMS bis 6.62 gefunden. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Datei admin/readDeal.php?mudi=readQrCode. Durch Manipulation des Arguments img mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T07:39:22.646Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.231510"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.231510"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20obtain%20the%20web%20directory%20path%20and%20other%20information%20leaked%20.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-06-14T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-06-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-07-13T09:56:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "OTCMS path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3239",
"datePublished": "2023-06-14T08:31:03.407Z",
"dateReserved": "2023-06-14T06:12:39.708Z",
"dateUpdated": "2024-08-02T06:48:08.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3240 (GCVE-0-2023-3240)
Vulnerability from cvelistv5 – Published: 2023-06-14 08:31 – Updated: 2024-11-21 16:06
VLAI
Title
OTCMS usersNews_deal.php path traversal
Summary
A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231511.
Severity
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.231511 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.231511 | signaturepermissions-required |
| https://github.com/HuBenLab/HuBenVulList/blob/mai… | broken-linkexploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OTCMS |
Affected:
6.0
Affected: 6.1 Affected: 6.2 Affected: 6.3 Affected: 6.4 Affected: 6.5 Affected: 6.6 Affected: 6.7 Affected: 6.8 Affected: 6.9 Affected: 6.10 Affected: 6.11 Affected: 6.12 Affected: 6.13 Affected: 6.14 Affected: 6.15 Affected: 6.16 Affected: 6.17 Affected: 6.18 Affected: 6.19 Affected: 6.20 Affected: 6.21 Affected: 6.22 Affected: 6.23 Affected: 6.24 Affected: 6.25 Affected: 6.26 Affected: 6.27 Affected: 6.28 Affected: 6.29 Affected: 6.30 Affected: 6.31 Affected: 6.32 Affected: 6.33 Affected: 6.34 Affected: 6.35 Affected: 6.36 Affected: 6.37 Affected: 6.38 Affected: 6.39 Affected: 6.40 Affected: 6.41 Affected: 6.42 Affected: 6.43 Affected: 6.44 Affected: 6.45 Affected: 6.46 Affected: 6.47 Affected: 6.48 Affected: 6.49 Affected: 6.50 Affected: 6.51 Affected: 6.52 Affected: 6.53 Affected: 6.54 Affected: 6.55 Affected: 6.56 Affected: 6.57 Affected: 6.58 Affected: 6.59 Affected: 6.60 Affected: 6.61 Affected: 6.62 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.231511"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.231511"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20download%20vulenrability%20via%20the%20filename.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T16:06:39.308991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:06:53.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OTCMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "6.5"
},
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7"
},
{
"status": "affected",
"version": "6.8"
},
{
"status": "affected",
"version": "6.9"
},
{
"status": "affected",
"version": "6.10"
},
{
"status": "affected",
"version": "6.11"
},
{
"status": "affected",
"version": "6.12"
},
{
"status": "affected",
"version": "6.13"
},
{
"status": "affected",
"version": "6.14"
},
{
"status": "affected",
"version": "6.15"
},
{
"status": "affected",
"version": "6.16"
},
{
"status": "affected",
"version": "6.17"
},
{
"status": "affected",
"version": "6.18"
},
{
"status": "affected",
"version": "6.19"
},
{
"status": "affected",
"version": "6.20"
},
{
"status": "affected",
"version": "6.21"
},
{
"status": "affected",
"version": "6.22"
},
{
"status": "affected",
"version": "6.23"
},
{
"status": "affected",
"version": "6.24"
},
{
"status": "affected",
"version": "6.25"
},
{
"status": "affected",
"version": "6.26"
},
{
"status": "affected",
"version": "6.27"
},
{
"status": "affected",
"version": "6.28"
},
{
"status": "affected",
"version": "6.29"
},
{
"status": "affected",
"version": "6.30"
},
{
"status": "affected",
"version": "6.31"
},
{
"status": "affected",
"version": "6.32"
},
{
"status": "affected",
"version": "6.33"
},
{
"status": "affected",
"version": "6.34"
},
{
"status": "affected",
"version": "6.35"
},
{
"status": "affected",
"version": "6.36"
},
{
"status": "affected",
"version": "6.37"
},
{
"status": "affected",
"version": "6.38"
},
{
"status": "affected",
"version": "6.39"
},
{
"status": "affected",
"version": "6.40"
},
{
"status": "affected",
"version": "6.41"
},
{
"status": "affected",
"version": "6.42"
},
{
"status": "affected",
"version": "6.43"
},
{
"status": "affected",
"version": "6.44"
},
{
"status": "affected",
"version": "6.45"
},
{
"status": "affected",
"version": "6.46"
},
{
"status": "affected",
"version": "6.47"
},
{
"status": "affected",
"version": "6.48"
},
{
"status": "affected",
"version": "6.49"
},
{
"status": "affected",
"version": "6.50"
},
{
"status": "affected",
"version": "6.51"
},
{
"status": "affected",
"version": "6.52"
},
{
"status": "affected",
"version": "6.53"
},
{
"status": "affected",
"version": "6.54"
},
{
"status": "affected",
"version": "6.55"
},
{
"status": "affected",
"version": "6.56"
},
{
"status": "affected",
"version": "6.57"
},
{
"status": "affected",
"version": "6.58"
},
{
"status": "affected",
"version": "6.59"
},
{
"status": "affected",
"version": "6.60"
},
{
"status": "affected",
"version": "6.61"
},
{
"status": "affected",
"version": "6.62"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "p0ison (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: \u0027../filedir\u0027. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231511."
},
{
"lang": "de",
"value": "In OTCMS bis 6.62 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei usersNews_deal.php. Mittels dem Manipulieren des Arguments file mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T07:35:51.673Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.231511"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.231511"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/HuBenLab/HuBenVulList/blob/main/OTCMS%20was%20discovered%20to%20contain%20an%20arbitrary%20file%20download%20vulenrability%20via%20the%20filename.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-06-14T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-06-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-07-13T10:00:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "OTCMS usersNews_deal.php path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3240",
"datePublished": "2023-06-14T08:31:04.377Z",
"dateReserved": "2023-06-14T06:12:42.962Z",
"dateUpdated": "2024-11-21T16:06:53.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4171 (GCVE-0-2023-4171)
Vulnerability from cvelistv5 – Published: 2023-08-05 21:00 – Updated: 2024-11-21 15:11
VLAI
Title
Chengdu Flash Flood Disaster Monitoring and Warning System FileDownload.ashx path traversal
Summary
A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file \Service\FileDownload.ashx. The manipulation of the argument Files leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236206 is the identifier assigned to this vulnerability.
Severity
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.236206 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.236206 | signaturepermissions-required |
| https://github.com/nagenanhai/cve/blob/main/duqu.md | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Chengdu | Flash Flood Disaster Monitoring and Warning System |
Affected:
2.0
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.236206"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.236206"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/nagenanhai/cve/blob/main/duqu.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4171",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T15:10:41.464300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T15:11:21.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Flash Flood Disaster Monitoring and Warning System",
"vendor": "Chengdu",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "xiafine (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file \\Service\\FileDownload.ashx. The manipulation of the argument Files leads to path traversal: \u0027../filedir\u0027. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236206 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei \\Service\\FileDownload.ashx. Durch die Manipulation des Arguments Files mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T08:23:26.813Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.236206"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.236206"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/nagenanhai/cve/blob/main/duqu.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-08-05T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-08-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-08-30T08:08:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "Chengdu Flash Flood Disaster Monitoring and Warning System FileDownload.ashx path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4171",
"datePublished": "2023-08-05T21:00:06.077Z",
"dateReserved": "2023-08-05T06:38:30.310Z",
"dateUpdated": "2024-11-21T15:11:21.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52076 (GCVE-0-2023-52076)
Vulnerability from cvelistv5 – Published: 2024-01-25 15:30 – Updated: 2025-06-17 21:19
VLAI
Title
Remote Code Execution Vulnerability in Atril's EPUB ebook parsing
Summary
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.
Severity
8.5 (High)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/mate-desktop/atril/security/ad… | x_refsource_CONFIRM |
| https://github.com/mate-desktop/atril/commit/e70b… | x_refsource_MISC |
| https://github.com/mate-desktop/atril/releases/ta… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2024… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mate-desktop | atril |
Affected:
< 1.26.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:12.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37"
},
{
"name": "https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50"
},
{
"name": "https://github.com/mate-desktop/atril/releases/tag/v1.26.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mate-desktop/atril/releases/tag/v1.26.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52076",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-25T20:55:51.876073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:29.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "atril",
"vendor": "mate-desktop",
"versions": [
{
"status": "affected",
"version": "\u003c 1.26.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn\u0027t stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24: Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-25",
"description": "CWE-25: Path Traversal: \u0027/../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-27",
"description": "CWE-27: Path Traversal: \u0027dir/../../filename\u0027",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-15T04:06:07.161Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37"
},
{
"name": "https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50"
},
{
"name": "https://github.com/mate-desktop/atril/releases/tag/v1.26.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mate-desktop/atril/releases/tag/v1.26.2"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html"
}
],
"source": {
"advisory": "GHSA-6mf6-mxpc-jc37",
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution Vulnerability in Atril\u0027s EPUB ebook parsing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-52076",
"datePublished": "2024-01-25T15:30:12.398Z",
"dateReserved": "2023-12-26T12:53:20.670Z",
"dateUpdated": "2025-06-17T21:19:29.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53691 (GCVE-0-2023-53691)
Vulnerability from cvelistv5 – Published: 2025-10-22 00:00 – Updated: 2025-10-22 13:56
VLAI
Summary
Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025.
Severity
8.3 (High)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | CSMP iSecure Center |
Affected:
0 , ≤ 2023-06-25
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53691",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T13:56:40.313239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:56:44.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://zhuanlan.zhihu.com/p/639514473"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "CSMP iSecure Center",
"vendor": "Hikvision",
"versions": [
{
"lessThanOrEqual": "2023-06-25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T03:42:57.265Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://zhuanlan.zhihu.com/p/639514473"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-53691",
"datePublished": "2025-10-22T00:00:00.000Z",
"dateReserved": "2025-10-22T00:00:00.000Z",
"dateUpdated": "2025-10-22T13:56:44.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6699 (GCVE-0-2023-6699)
Vulnerability from cvelistv5 – Published: 2024-01-11 06:49 – Updated: 2026-04-08 17:28
VLAI
Title
WP Compress – Image Optimizer [All-In-One] <= 6.10.33 - Unauthenticated Directory Traversal via css
Summary
The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Severity
9.1 (Critical)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| aresit | WP Compress – Instant Performance & Speed Optimization |
Affected:
0 , ≤ 6.10.33
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/defb87dd-bf5f-411f-b948-699337d05d44?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3009183%40wp-compress-image-optimizer%2Ftrunk\u0026old=2994665%40wp-compress-image-optimizer%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T19:23:34.757419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T19:01:00.473Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Compress \u2013 Instant Performance \u0026 Speed Optimization",
"vendor": "aresit",
"versions": [
{
"lessThanOrEqual": "6.10.33",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Compress \u2013 Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:28:26.019Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/defb87dd-bf5f-411f-b948-699337d05d44?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3009183%40wp-compress-image-optimizer%2Ftrunk\u0026old=2994665%40wp-compress-image-optimizer%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-03T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WP Compress \u2013 Image Optimizer [All-In-One] \u003c= 6.10.33 - Unauthenticated Directory Traversal via css"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6699",
"datePublished": "2024-01-11T06:49:34.348Z",
"dateReserved": "2023-12-11T20:57:21.244Z",
"dateUpdated": "2026-04-08T17:28:26.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-5.1
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation ID: MIT-20
Phase: Implementation
Strategy: Input Validation
Description:
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.