CVE-2023-6021 Exploit


vZip by Prapattimynk



A local file inclusion (LFI) flaw in Ray’s log API endpoint allows attackers to read any file on the server without authentication.

Path Traversal: ‘\..\filename’
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ‘\..\filename’ (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.

A vulnerability has been found in Ray (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown functionality of the component Log API Endpoint. The manipulation with an unknown input leads to a path traversal vulnerability. The CWE definition for the vulnerability is CWE-29. The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ‘\..\filename’ (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory. As an impact it is known to affect confidentiality, integrity, and availability.
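A containment check for the weakness described above, as an added example that is not code from Ray or from this page. The names `resolve_log_path`, `UnsafePath` and the sample files are hypothetical; the check treats `\` as a separator on every platform and also covers `../` and symlinks, which goes beyond the `\..\filename` form the text names.

```python
import os
import tempfile
from pathlib import Path


class UnsafePath(ValueError):
    """Raised when a requested log name would leave the log directory."""


def resolve_log_path(log_dir: str, requested: str) -> Path:
    """Map a client-supplied log name to a file inside log_dir, or raise."""
    if "\x00" in requested:
        raise UnsafePath("NUL byte in name")
    # Treat backslash as a separator on every platform, so '\..\name'
    # is parsed the same way on Linux as on Windows.
    parts = requested.replace("\\", "/").split("/")
    if requested.startswith(("/", "\\")) or ".." in parts or ":" in parts[0]:
        raise UnsafePath(f"rejected name: {requested!r}")
    base = Path(log_dir).resolve()
    # resolve() follows symlinks, so containment is checked on the real target.
    candidate = base.joinpath(*[p for p in parts if p not in ("", ".")]).resolve()
    if candidate == base or base not in candidate.parents:
        raise UnsafePath(f"escapes log directory: {requested!r}")
    return candidate


def demo() -> dict:
    """Constructed sample: a log dir, a file outside it, and several names."""
    root = Path(tempfile.mkdtemp())
    logs = root / "logs"
    (logs / "worker").mkdir(parents=True)
    (logs / "worker" / "out.log").write_text("ok\n")
    (root / "secret.txt").write_text("outside\n")
    os.symlink(root / "secret.txt", logs / "link.log")  # symlink leaving logs/
    names = ["worker/out.log", "worker\\out.log", "\\..\\secret.txt",
             "..\\secret.txt", "../secret.txt", "/etc/passwd", "link.log"]
    results = {}
    for name in names:
        try:
            resolve_log_path(str(logs), name)
            results[name] = "served"
        except UnsafePath:
            results[name] = "rejected"
    return results
```

A handler would call `resolve_log_path` before opening anything and answer a rejected name with a client error, without echoing the resolved path.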


