Path Traversal Vulnerability in Bookly Allows Manipulation of Web Input to File System Calls

CVE-2023-26526

7.7HIGH

Key Information

Vendor: Nota-info
Status: Bookly
Vendor: CVE Published:; 17 May 2024

Summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1.

Affected Version(s)

Bookly <= 21.7.1

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
May 17, 2024
Vulnerability Reserved.
Feb 24, 2023

Collectors

NVD DatabaseMitre Database

Credit

Rafie Muhammad (Patchstack)