9.8
CVSSv3

CVE-2023-26564

Published: 12/07/2023 Updated: 26/07/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. As a result, an unauthenticated attacker can list files within a directory, download any file, or upload any file to any directory accessible by the web server.
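A containment check of the kind whose absence the summary describes, as an added example (not the Syncfusion project's code or its fix). `SafePath` and `Resolve` are hypothetical names, and the sample paths are constructed.

```csharp
#nullable enable
using System;
using System.IO;

// Hypothetical helper for illustration; not part of the Syncfusion code base.
public static class SafePath
{
    // Resolves a client-supplied path under contentRoot and returns the
    // canonical result, or null when it would land outside the root.
    public static string? Resolve(string contentRoot, string userPath)
    {
        if (string.IsNullOrEmpty(userPath) || userPath.IndexOf('\0') >= 0)
            return null;

        // Canonical root with exactly one trailing separator, so a sibling
        // such as "/srv/files-old" is not accepted as inside "/srv/files".
        string root = Path.GetFullPath(contentRoot)
            .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
            + Path.DirectorySeparatorChar;

        // Treat the input as root-relative: Path.Combine silently discards
        // its first argument when the second one is rooted.
        string relative = userPath.TrimStart('/', '\\');
        if (Path.IsPathRooted(relative))      // e.g. "C:\Windows" on Windows
            return null;

        // GetFullPath collapses "." and ".." segments without touching disk.
        string full = Path.GetFullPath(Path.Combine(root, relative));
        return full.StartsWith(root, StringComparison.Ordinal) ? full : null;
    }

    public static void Main()
    {
        string root = Path.Combine(Path.GetTempPath(), "files");
        string[] samples =                    // constructed sample inputs
        {
            "docs/report.pdf",                // stays inside the root
            "/docs/../images/a.png",          // ".." that stays inside
            "../files-old/secret.txt",        // sibling sharing the prefix
            "docs/../../../etc/passwd",       // climbs above the root
        };
        foreach (string s in samples)
            Console.WriteLine($"{s,-28} -> {Resolve(root, s) ?? "REJECTED"}");
    }
}
```

`Path.GetFullPath` does not resolve symbolic links, so a link inside the root that points elsewhere still needs separate handling. The check has to run on every operation that takes a client path (list, download, upload).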

Vulnerable Product

syncfusion ej2 aspcore file provider -

Github Repositories

CVE-2023-26563 - Local File Read in ASPCore Filemanager

Affected repository: github.com/SyncfusionExamples/ej2-aspcore-file-provider/
Vulnerable versions before Git commit 7c8791084ff86d4a2c225756c490591f6e011a6c

The application fails to verify any of the paths provided by the user. As a result, it's possible to specify directory traversal sequences ("/"