CVE-2023-35843

Severity: HIGH · Exploited in the wild · Nuclei template available

NocoDB < 0.106.1 - Unauthenticated Path Traversal via /download Route


Exploitation Summary

CVE-2023-35843 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 2 public exploits from researchers including Lserein, b3nguang. A Nuclei detection template is also available.

Description

NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to read arbitrary files on the server by manipulating the path parameter of the /download route. An attacker could use it to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.

Exploits (2)

nomisec · Working PoC · 2 stars
by Lserein · infoleak
https://github.com/Lserein/CVE-2023-35843

This PoC exploits a path traversal vulnerability in NocoDB to read arbitrary files (e.g., /etc/passwd) via a crafted URL. It supports single URL and batch file input for testing.

Classification: Working PoC (90%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: NocoDB
Authentication: none required
Prerequisites: Target must be running a vulnerable version of NocoDB · Network access to the target
Analyzed by devstral-2 on Feb 16, 2026

nomisec · Working PoC
by b3nguang · infoleak
https://github.com/b3nguang/CVE-2023-35843

This PoC exploits an arbitrary file read vulnerability in NocoDB via path traversal. It sends a crafted HTTP request to read `/etc/passwd` and checks for the presence of 'root' in the response to confirm exploitation.

Classification: Working PoC (95%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: NocoDB (version not specified)
Authentication: none required
Prerequisites: Network access to the target NocoDB instance
Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

NocoDB version <= 0.106.1 - Arbitrary File Read
Severity: HIGH · Verified · by dwisiswant0
Shodan: http.favicon.hash:-2017596142
FOFA: icon_hash=-2017596142

Scores

CVSS v3: 7.5
EPSS: 0.0786
EPSS Percentile: 93.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

VulnCheck KEV: 2024-09-18
InTheWild.io: 2024-09-18
CWE: CWE-22
Status: published
Products (1): nocodb/nocodb < 0.106.1
Published: Jun 19, 2023
Tracked Since: Feb 18, 2026