CVE-2023-26563

Published: 12/07/2023 Updated: 26/07/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can:

- On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server.
- On Linux, read any file, download any directory, delete any file, upload any file to any directory accessible by the web server.
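One way to enforce the path check whose absence the summary describes, as an added example (not Syncfusion's code or its fix); `resolveInsideRoot`, `tryResolve` and the `/srv/files` and `C:\srv\files` roots are hypothetical. It takes `path.posix` or `path.win32` explicitly so the separator rules of both platforms named above can be exercised on one machine.

```javascript
const path = require('node:path');

// Hypothetical helper: map a client-supplied path onto the content root and
// refuse anything that normalises to a location outside it.
// `p` is path.posix or path.win32, so each platform's rules can be tested.
function resolveInsideRoot(root, userPath, p = path) {
  if (typeof userPath !== 'string' || userPath.includes('\0')) {
    throw new Error('invalid path');
  }
  const base = p.resolve(root);
  // join() treats userPath as relative even with a leading separator, then
  // normalises "." and ".." segments.
  const target = p.join(base, userPath);
  // Compare by path segments, not by string prefix: "/srv/files-backup"
  // starts with "/srv/files" but is a sibling directory.
  const rel = p.relative(base, target);
  if (rel === '..' || rel.startsWith('..' + p.sep) || p.isAbsolute(rel)) {
    throw new Error('path escapes content root');
  }
  // Lexical check only: symlinks under the root still need fs.realpath().
  return target;
}

// Returns the resolved path, or null when the request must be rejected.
function tryResolve(root, userPath, p) {
  try {
    return resolveInsideRoot(root, userPath, p);
  } catch {
    return null;
  }
}

// Constructed sample requests against a constructed root on each platform.
const samples = [
  ['/srv/files', '/Documents/report.txt', path.posix],
  ['/srv/files', '../../outside/secret.txt', path.posix],
  ['/srv/files', 'Documents/../../files-backup/x', path.posix],
  ['C:\\srv\\files', '/Documents/a.txt', path.win32],
  ['C:\\srv\\files', '..\\..\\outside\\secret.txt', path.win32],
];
for (const [root, req, p] of samples) {
  console.log(JSON.stringify(req), '->', tryResolve(root, req, p));
}
```

Every handler that touches the filesystem (list, read, delete, upload) has to pass its path through the same check before use.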

Vulnerable Product

syncfusion nodejs file system provider 0102271

Github Repositories

CVE-2023-26563 - Local File Read in ASPCore Filemanager

Affected repository: github.com/SyncfusionExamples/ej2-aspcore-file-provider/
Vulnerable versions before Git commit 7c8791084ff86d4a2c225756c490591f6e011a6c

The application fails to verify any of the paths provided by the user. As a result, it's possible to specify directory traversal sequences ("/"