Flatpress < 1.3 - Path Traversal

Published: 2023-10-17 07:20:28
Source: ProjectDiscovery (github.com)
Tags: cve, cve2023, huntr, lfi, flatpress, listing

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9 High (Confidence: High)
EPSS: 0.018 Low (Percentile: 88.2%)

Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.

id: CVE-2023-0947

info:
  name: Flatpress < 1.3 - Path Traversal
  author: r3Y3r53
  severity: critical
  description: |
    Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.
  reference:
    - https://huntr.dev/bounties/7379d702-72ff-4a5d-bc68-007290015496/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-0947
    - https://github.com/flatpressblog/flatpress/commit/9c4e5d6567e446c472f3adae3b2fe612f66871c7
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-0947
    cwe-id: CWE-22
    epss-score: 0.01537
    epss-percentile: 0.87078
    cpe: cpe:2.3:a:flatpress:flatpress:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: flatpress
    product: flatpress
    shodan-query:
      - http.favicon.hash:-1189292869
      - http.html:"flatpress"
    fofa-query:
      - body="flatpress"
      - icon_hash=-1189292869
  tags: cve,cve2023,huntr,lfi,flatpress,listing

http:
  - method: GET
    path:
      - "{{BaseURL}}/fp-content/"
      - "{{BaseURL}}/flatpress/fp-content/"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "<title>Index of /fp-content</title>")'
        condition: and
# digest: 4b0a00483046022100db682eec34f039c688db1490fcf17d3112ed30b94102b59812a06414755967be022100c9e09a6bf3938aa2d82f3304cdab4f644920d1bfe4ed6e6597de88d981d3ce1e:922c64590222798bb761d5b6d8e72950
