sahar042 / CVE-2023-40297

Stakater Forecastle => v1.0.139 allows directory traversal in the website component


CVE-2023-40297

Stakater Forecastle => v1.0.139 allows directory traversal in the website component

[Vulnerability Type] Directory Traversal

[Vendor of Product] Stakater

[Affected Product Code Base] Forecastle => v1.0.139

[Affected Component] Affected component(s): URL - https://www.example.com/%5C../etc/passwd

[Attack Type] Local

[Impact Escalation of Privileges] true

[Impact Information Disclosure] true

[Attack Vectors]

Attack vector(s): https://<domain/ip>/%5C../etc/passwd

An attacker can exploit the directory traversal vulnerability by manipulating the URL to traverse outside the intended web directory. By appending "%5C../etc/passwd" (where %5C is a URL-encoded backslash) to the URL, an unauthorized user can access the sensitive system file "/etc/passwd", which contains user account information. This lets the attacker obtain privileged information about system users, potentially facilitating further attacks.
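As an added, defender-side example (not Forecastle's code and not part of this advisory): a Go path resolver that percent-decodes the request path and treats the backslash as a separator before checking for traversal, so the "%5C.." form is rejected, plus a scan over constructed access-log lines that flags such requests. The web root "/srv/www", the "METHOD PATH STATUS" log format and the sample lines are assumptions.

```go
package main

import (
	"errors"
	"net/url"
	"path"
	"strings"
)

// ErrTraversal is returned when a request path would resolve outside the web root.
var ErrTraversal = errors.New("path escapes web root")

// SafeJoin resolves rawPath against root. It percent-decodes (repeatedly, to catch
// double encoding), treats "\" as a separator so "%5C.." is seen as "/..", cleans
// the path lexically and rejects anything that still points above the root.
func SafeJoin(root, rawPath string) (string, error) {
	p := rawPath
	for i := 0; i < 3; i++ {
		dec, err := url.PathUnescape(p)
		if err != nil || dec == p {
			break
		}
		p = dec
	}
	p = strings.ReplaceAll(p, "\\", "/")
	cleaned := path.Clean(strings.TrimLeft(p, "/"))
	if cleaned == ".." || strings.HasPrefix(cleaned, "../") {
		return "", ErrTraversal
	}
	return path.Join(root, cleaned), nil
}

// FlagTraversal scans access-log lines of the constructed form "METHOD PATH STATUS"
// and returns the request paths that SafeJoin would reject (a detection aid).
func FlagTraversal(root string, lines []string) []string {
	var hits []string
	for _, line := range lines {
		f := strings.Fields(line)
		if len(f) < 2 {
			continue
		}
		if _, err := SafeJoin(root, f[1]); errors.Is(err, ErrTraversal) {
			hits = append(hits, f[1])
		}
	}
	return hits
}
```

The same normalization (decode, unify separators, then clean and compare against the root) is what a file-serving handler should apply before opening anything on disk.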

[Reference] https://github.com/stakater/Forecastle/releases

[Discoverer] Sahar Shlichove
