CVE-2023-35843
HIGH | EXPLOITED IN THE WILD | NUCLEI
NocoDB < 0.106.1 - Path Traversal
Title source: ruleDescription
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.
Exploits (2)
Nuclei Templates (1)
NocoDB version <= 0.106.1 - Arbitrary File Read
HIGH | VERIFIED | by dwisiswant0
Shodan:
http.favicon.hash:-2017596142
FOFA:
icon_hash=-2017596142
References (3)
Scores
CVSS v3: 7.5
EPSS: 0.9196
EPSS Percentile: 99.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
VulnCheck KEV: 2024-09-18
InTheWild.io: 2024-09-18
CWE: CWE-22
Status: published
Products (1)
nocodb/nocodb < 0.106.1
Published: Jun 19, 2023
Tracked Since: Feb 18, 2026