Lsec

4 exploits Active since Jun 2023
CVE-2023-35844 NOMISEC HIGH WORKING POC
Lightdash < 0.510.3 - Path Traversal
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
20 stars
CVSS 7.5
CVE-2023-35843 NOMISEC HIGH WORKING POC
Nocodb < 0.106.1 - Path Traversal
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.
2 stars
CVSS 7.5
CVE-2023-34598 NOMISEC CRITICAL SCANNER
Gibbon - Path Traversal
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.
1 stars
CVSS 9.8
CVE-2023-35844 INTHEWILD HIGH WORKING POC
Lightdash < 0.510.3 - Path Traversal
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
CVSS 7.5