CVE-2023-6307 | jeecgboot JimuReport up to 1.6.1 /download/image imageUrl path traversal

Posted by Angelo Barbosa | Nov 26, 2023 | CVE

A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal.

This vulnerability is known as CVE-2023-6307. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-6307 | jeecgboot JimuReport up to 1.6.1 /download/image imageUrl path traversal

Related Posts

CVE-2024-32724 | Woo Product Importer Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy Plugin authorization

CVE-2024-3178 | Concrete CMS up to 8.5.15/9.2.7 Advanced File Search Filter cross site scripting

CVE-2023-3941 | ZkTeco ZAM170-NF 1.8.25-7354-Ver1.0.0 path traversal (K-ZkTeco-2023-003)

CVE-2024-28249 | Cilium up to 1.13.12/1.14.7/1.15.1 IPsec missing encryption (GHSA-j89h-qrvr-xc36)