CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.

**poc**

After login as admin,file manager and downloadfunction  
![image](https://user-images.githubusercontent.com/38547290/148000050-ae715bad-9ea3-4624-860b-61b432fde7bd.png)  
after change path param can read arbitrary file  
![image](https://user-images.githubusercontent.com/38547290/148000126-3a96402f-7f8e-43e5-8dcf-ea8d1f414cd8.png)

**analysis**

location:include/File.php  
![image](https://user-images.githubusercontent.com/38547290/148000366-f84aaf29-4946-4d01-aeb6-16c4ef468fa8.png)

![image](https://user-images.githubusercontent.com/38547290/148000182-ee82b946-c85e-4fe5-a7a0-a82a23bfea2a.png)  
we can use ../ to traverse to the previous directory

**suggest**

you can check path ,for example check if it has `..` then refuse this request

Headline

CVE-2021-46203: arbitrary file read vulnerability · Issue #13 · taogogo/taocms

CVE: Latest News