jeecgboot JimuReport image path traversal
CVE-2023-6307

6.3MEDIUM

Key Information:

Vendor: Jeecgboot
Status: Jimureport
Vendor: CVE Published:; 27 November 2023

What is CVE-2023-6307?

A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Version(s)

JimuReport 1.6.0

JimuReport 1.6.1

References

https://vuldb.com/?id.246133

vdb-entrytechnical-description

https://vuldb.com/?ctiid.246133

signaturepermissions-required

https://github.com/N0b1e6/exp/blob/main/README.md

broken-linkexploit

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 27, 2023
Vulnerability Reserved
Nov 26, 2023

Credit

N0b1e6 (VulDB User)

CVE-2023-6307 Data

JSON