CVE-2023-50264 | morpheus65535 bazarr up to 1.3.0 /system/backup/download/ send_file filename path traversal (GHSL-2023-192)

Inserito da Angelo Barbosa | Dic 16, 2023 | CVE

A vulnerability classified as critical was found in morpheus65535 bazarr up to 1.3.0. This vulnerability affects the function send_file of the file /system/backup/download/. The manipulation of the argument filename leads to path traversal.

This vulnerability was named CVE-2023-50264. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-50264 | morpheus65535 bazarr up to 1.3.0 /system/backup/download/ send_file filename path traversal (GHSL-2023-192)

Post correlati

CVE-2024-4647 | Campcodes Complete Web-Based School Management System 1.0 student_first_payment.php index cross site scripting

CVE-2024-3563 | Genesis Blocks Plugin up to 3.1.3 on WordPress Sharing Block Attribute cross site scripting

CVE-2024-31365 | Themify Post Type Builder Plugin up to 2.0.8 on WordPress cross site scripting

CVE-2024-28752 | Apache CXF up to 3.5.7/3.6.2/4.0.3 Aegis Databinding server-side request forgery