CVE-2023-26564

CRITICAL

Syncfusion EJ2 ASPCore File Provider 3ac357f - Path Traversal

Title source: llm

Description

The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. As a result, an unauthenticated attacker can list files within a directory, download any file, or upload any file to any directory accessible by the web server.

References (3)

Core 3

Core References

Product

https://ej2.syncfusion.com/documentation/file-manager/file-system-provider/

Exploit

https://github.com/RupturaInfoSec/CVE-2023-26563-26564-26565/

View Exploit ZIP pw:eip

Product

https://github.com/SyncfusionExamples/ej2-aspcore-file-provider

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0139

EPSS Percentile 68.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-22

Status published

Products (1)

syncfusion/ej2_aspcore_file_provider

Published Jul 12, 2023

Tracked Since Feb 18, 2026