CVE-2023-4748

Published: Sep 5, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability, which was classified as critical, has been found in Yongyou UFIDA-NC up to 20230807. This issue affects some unknown processing of the file PrintTemplateFileServlet.java. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238637 was assigned to this vulnerability.

Affected (1)

Products: Yonyou: Ufida Nc

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Yonyou Ufida Nc	All versions

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (6)

https://github.com/houseoforange/mybugs/blob/main/Yongyou-UFIDA-NC-Arbitrary-File-Read.pdf

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.238637

Source: cna@vuldb.com

Permissions RequiredThird Party AdvisoryVDB Entry

https://vuldb.com/?id.238637

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://github.com/houseoforange/mybugs/blob/main/Yongyou-UFIDA-NC-Arbitrary-File-Read.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://vuldb.com/?ctiid.238637

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party AdvisoryVDB Entry

https://vuldb.com/?id.238637

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.