Lsec

4 exploits, active since Jun 2023
CVE-2023-35844 NOMISEC HIGH WORKING POC
lightdash < 0.510.3 - Path Traversal and Arbitrary File Write via Insecure File Endpoints
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
20 stars
CVSS 7.5
CVE-2023-35843 NOMISEC HIGH WORKING POC
NocoDB < 0.106.1 - Unauthenticated Path Traversal via /download Route
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.
2 stars
CVSS 7.5
CVE-2023-34598 NOMISEC CRITICAL SCANNER
Gibbon v25.0.0 - Local File Inclusion via Path Traversal
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.
1 star
CVSS 9.8
CVE-2023-35844 INTHEWILD HIGH WORKING POC
lightdash < 0.510.3 - Path Traversal and Arbitrary File Write via Insecure File Endpoints
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
CVSS 7.5