CVE-2023-39026

HIGH EXPLOITED NUCLEI

FileMage Gateway <1.10.8 - Path Traversal

Title source: llm

Description

Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.

Exploits (1)

exploitdb WORKING POC

by Bryce Raindayzz Harty · pythonwebappsmultiple

https://www.exploit-db.com/exploits/51708

View Code ZIP pw:eip

Nuclei Templates (1)

FileMage Gateway - Directory Traversal

HIGHVERIFIEDby DhiyaneshDk

Shodan: title:"FileMage" || cpe:"cpe:2.3:o:microsoft:windows"

References (3)

[Exploit, Third Party Advisory] https://raindayzz.com/technicalblog/2023/08/20/FileMage-Vulnerability.html

[Release Notes] https://www.filemage.io/docs/updates.html#change-log

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/174491/FileMage-Gateway-1.10.9-Local-File-Inclusion.html

Scores

CVSS v3 7.5

EPSS 0.8146

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-12-04

CWE

CWE-22

Status published

Products (1)

filemage/filemage < 1.10.8

Published Aug 22, 2023

Tracked Since Feb 18, 2026