CVE-2023-50264 | morpheus65535 bazarr up to 1.3.0 /system/backup/download/ send_file filename path traversal (GHSL-2023-192)

Posted by Angelo Barbosa | Dec 16, 2023 | CVE

A vulnerability classified as critical was found in morpheus65535 bazarr up to 1.3.0. This vulnerability affects the function send_file of the file /system/backup/download/. The manipulation of the argument filename leads to path traversal.

This vulnerability was named CVE-2023-50264. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-50264 | morpheus65535 bazarr up to 1.3.0 /system/backup/download/ send_file filename path traversal (GHSL-2023-192)

Related Posts

CVE-2024-3074 | Elementor ImageBox Plugin up to 1.2.8 on WordPress cross site scripting

CVE-2023-49164 | OceanWP Ocean Extra Plugin up to 2.2.2 on WordPress cross-site request forgery

CVE-2024-9226 | fatcatapps Landing Page Cat Plugin up to 1.7.6 on WordPress add_query_arg cross site scripting

CVE-2024-4682 | Campcodes Complete Web-Based School Management System 1.0 exam_timetable_update_form.php exam cross site scripting