PT-2023-27365 · Stakater · Stakater Forecastle

Sahar Shlichove

Publicado

2023-08-13

Atualizado

2024-07-03

CVE-2023-40297

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Stakater Forecastle versions 1.0.139 and before

Description The issue is related to a directory traversal vulnerability in the website component, allowing %5C../ directory traversal. This vulnerability is present in the Stakater Forecastle software.

Recommendations For versions 1.0.139 and before, consider restricting access to the website component to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2023-40297

GHSA-X8XM-WRJQ-5G54

GO-2024-2865

Produtos afetados

Stakater Forecastle

PT-2023-27365 · Stakater · Stakater Forecastle

CVE-2023-40297

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9