PT-2023-23125 · Unknown · Repetier Server

Ken Pyle

Publicado

2023-04-24

Atualizado

2023-08-16

CVE-2023-31059

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Repetier Server versions prior to 1.4.11

Description The issue allows directory traversal for reading files that contain credentials. This can be demonstrated by accessing the connectionLost.php file. It is estimated that about 1,766 devices may be potentially affected.

Recommendations For Repetier Server versions prior to 1.4.11, update to version 1.4.11 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2023-31059

Produtos afetados

Repetier Server

PT-2023-23125 · Unknown · Repetier Server

CVE-2023-31059

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11