CVE-2023-49108

HIGH

RakRak Document Plus <6.4.0.7 - Path Traversal

Title source: llm

Description

Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges.

References (2)

Core 2

Core References

Third Party Advisory

https://jvn.jp/en/jp/JVN46895889/

Product

https://rakrak.jp/RakDocSupport/rkspServlet

Scores

CVSS v3 8.8

EPSS 0.0087

EPSS Percentile 54.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-22

Status published

Products (1)

sei-info/rakrak_document_plus 3.2.0.0 - 6.1.1.3a

Published Dec 04, 2023

Tracked Since Feb 18, 2026