CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.

*   Description

AeroCMS v0.0.1 was discovered to contain a Directory traversal vulnerability. The vulnerability is due to the failure to normalize the url. This vulnerability allows an attacker to read arbitrary files in the root directory of a website.

*   Reproduct

1.  Access any interfaces of Folder Path，For example, "/includes, /images, /js, /fonts, css, /admin and /admin/\*"  
    
2.  Within Burpsuite, concat multiple "../" in url，that can access any file in the server root directory, include configuration files or other website files

Headline

CVE-2022-46137: AeroCMS v0.0.1 Directory traversal vulnerability · Issue #7 · MegaTKC/AeroCMS

CVE: Latest News