cve/CVE-2023-35844.md at dd6a10065df501f0a524d47b55e162f16811ba93

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 4edef1e4c8 Update CVE sources 2024-05-28 08:49

2024-05-28 08:49:17 +00:00

858 B

Raw Blame History

CVE-2023-35844

Description

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.

POC

Reference

https://advisory.dw1.io/59

Github

https://github.com/Lserein/CVE-2023-35844
https://github.com/Szlein/CVE-2023-35844
https://github.com/izj007/wechat
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/rat857/AtomsPanic
https://github.com/whoami13apt/files2

858 B Raw Blame History

CVE-2023-35844

Description

POC

Reference

Github

858 B

Raw Blame History