CVE-2023-46493 | EverShop NPM up to 1.0.0-rc.7 Request fileBrowser/browser.js readDirSync path traversal

Inserito da Angelo Barbosa | Dic 8, 2023 | CVE

A vulnerability classified as critical was found in EverShop NPM up to 1.0.0-rc.7. This vulnerability affects the function readDirSync of the file fileBrowser/browser.js of the component Request Handler. The manipulation leads to path traversal.

This vulnerability was named CVE-2023-46493. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-46493 | EverShop NPM up to 1.0.0-rc.7 Request fileBrowser/browser.js readDirSync path traversal

Post correlati

CVE-2024-0489 | code-projects Fighting Cock Information System 1.0 edit_chicken.php ref sql injection

CVE-2024-0221 | 10Web Photo Gallery Plugin up to 1.8.19 on WordPress File Rename path traversal

CVE-2024-0442 | Royal Elementor Addons and Templates Plugin up to 1.3.87 on WordPress cross site scripting

CVE-2023-47464 | GL.iNET AX1800 up to 4.4.x Upload API permission