CVE-2023-6307 | jeecgboot JimuReport up to 1.6.1 /download/image imageUrl path traversal

Posted by Angelo Barbosa | Nov 26, 2023 | CVE

A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal.

This vulnerability is known as CVE-2023-6307. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-6307 | jeecgboot JimuReport up to 1.6.1 /download/image imageUrl path traversal

Related Posts

CVE-2023-51714 | Qt up to 5.15.16/6.2.10/6.5.3/6.6.1 HTTP/2 HAndler hpacktable.cpp integer overflow

CVE-2024-27764 | Jeewms up to 3.7 AuthInterceptor Privilege Escalation

CVE-2024-6876 | OSCAT/CODESYS Basic Library up to 3.3.4 out-of-bounds

CVE-2023-7022 | Tongda OA 2017 up to 11.9 delete_all.php DELETE_STR sql injection