4 matches found
CVE-2023-26045
NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to...
CVE-2023-26045
NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to...
CVE-2023-26045
CVE-2023-26045 affects NodeBB up to 2.8.7, where a path traversal in the user export path (due to object destructuring) could be triggered by a specially crafted payload to arbitrarily execute local JavaScript. Affected range: 2.5.0 through
CVE-2023-26045 NodeBB vulnerable to path traversal and code execution via prototype vulnerability
NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to...