CVE-2023-6307 | jeecgboot JimuReport up to 1.6.1 /download/image imageUrl path traversal

Posted by Angelo Barbosa | Nov 26, 2023 | CVE

A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal.

This vulnerability is known as CVE-2023-6307. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-6307 | jeecgboot JimuReport up to 1.6.1 /download/image imageUrl path traversal

Related Posts

CVE-2024-35684 | 10up ElasticPress Plugin up to 5.1.0 on WordPress cross-site request forgery

CVE-2024-3814 | tagDiv Composer Plugin up to 4.8 on WordPress Single Module cross site scripting

CVE-2024-20289 | Cisco NX-OS up to 10.4(2) CLI os command injection (cisco-sa-nxos-cmdinj-Lq6jsZhH)

CVE-2023-48760 | Crocoblock JetBlocks for Elementor Plugin on WordPress authorization