CVE-2023-35843
Description
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.
NVD
Severity: HIGH
CVE ID: CVE-2023-35843
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Proof Of Concept
Nuclei Templates for CVE-2023-35843
Refrence: Project Discovery GitHub
Lserein
NocoDB任意文件读取CVE-2023-35843
Refrence: GitHub
b3nguang
CVE-2023-35843 NocoDB 任意文件读取漏洞
Refrence: GitHub
Content on GitHub
codeb0ss | watchers:0
cve-202335843
Refrence: GitHub