CVE-2023-35843

Description

NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.

NVD
Severity: HIGH
CVE ID: CVE-2023-35843
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-35843

Refrence: Project Discovery GitHub

Lserein

NocoDB任意文件读取CVE-2023-35843

Refrence: GitHub

b3nguang

CVE-2023-35843 NocoDB 任意文件读取漏洞

Refrence: GitHub

Content on GitHub

codeb0ss | watchers:0

cve-202335843

Refrence: GitHub

Description​

Proof Of Concept​

Content on GitHub​

Description

Proof Of Concept

Content on GitHub