4 matches found
CVE-2023-46496
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint...
CVE-2023-46496
creationtimestamp| type| source ---|---|--- 2023-12-31 17:11:32+00:00| seen| https://t.me/ctinow/161139...
CVE-2023-46496
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint...
CVE-2023-46496
CVE-2023-46496 affects EverShop NPM prior to 1.0.0-rc.8. Affected component: the API endpoint DELETE /api/files, where a directory traversal issue allows a remote attacker to obtain sensitive information. Root cause: unvalidated path handling in the files API enables traversal to restricted files...