CVE-2023-27703

LOW

pikpak 1.29.2 - Information Disclosure via Debug Interface

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-27703. PoCs published by happy0717.

AI-analyzed exploit summary: The repository describes an information leakage vulnerability in the Android version of Pikpak (v1.29.2) due to an exposed debug interface (vConsole). The vulnerability is triggered by repeatedly entering incorrect invitation codes, leading to potential XSS and information disclosure.

Description

The Android version of pikpak v1.29.2 was discovered to contain an information leak via the debug interface.

Exploits (1)

nomisec WRITEUP 2 stars
by happy0717 · poc
https://github.com/happy0717/CVE-2023-27703


Classification: Writeup 80%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Pikpak Android v1.29.2
No auth needed
Prerequisites: Pikpak Android app v1.29.2 installed · User interaction to repeatedly enter incorrect codes
devstral-2 · analyzed Feb 18, 2026


Scores

CVSS v3: 3.3
EPSS: 0.0032
EPSS Percentile: 23.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

Status: published
Products (1): mypikpak/pikpak 1.29.2
Published: Apr 12, 2023
Tracked Since: Feb 18, 2026