cve/CVE-2023-26563.md at 4cdc7cc63082b60e36d1d9d956509a405762a272

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server. - On Linux, read any file, download any directory, delete any file, upload any file to any directory accessible by the web server.

POC

Reference

No PoCs from references.

Github

https://github.com/RupturaInfoSec/CVE-2023-26563-26564-26565
https://github.com/nomi-sec/PoC-in-GitHub

936 B Raw Blame History

CVE-2023-26563

Description

POC

Reference

Github

936 B

Raw Blame History