CVE-2023-29478

CRITICAL

BiblioCraft < 2.4.6 - Path Traversal

Title source: rule

Description

BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution.

Exploits (1)

nomisec WORKING POC 14 stars
by Exopteron · poc
https://github.com/Exopteron/BiblioRCE

Scores

CVSS v3: 9.8
EPSS: 0.1718
EPSS Percentile: 95.0%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-22
Status: published
Products (1): bibliocraftmod/bibliocraft < 2.4.6
Published: Apr 07, 2023
Tracked Since: Feb 18, 2026