CVE-2023-47313
Last modified
CVE-2023-47313 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. The application uses an API call to move the uploaded temporary file to the file directory during the file upload process. EPSS estimates a 0.79% chance of exploitation in the next 30 days.
Description
Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. The application uses an API call to move the uploaded temporary file to the file directory during the file upload process. This API call receives two input parameters, such as path and localPath. The first one refers to the temporary file with an absolute path without validating it. Attackers may modify this API call by referring to arbitrary files. As a result, arbitrary files can be moved to the files directory and so they can be downloaded.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| H-Mdm | Headwind Mdm | 5.22.1 |
References
- https://boltonshield.com/en/cve/cve-2023-47313/Exploit, Third Party Advisory
- https://boltonshield.com/en/cve/cve-2023-47313/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-47313?
How severe is CVE-2023-47313?
How do I fix CVE-2023-47313?
Are you affected by CVE-2023-47313?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST