Main Vulnerability Database Exploits ID:9297 - Exploit for Path traversal in Simple Editor - CVE-2023-40498

ID:9297 - Exploit for Path traversal in Simple Editor - CVE-2023-40498

Published: September 7, 2023

Vulnerability identifier: #VU79988

Vulnerability risk: High

CVE-ID: CVE-2023-40498

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
Simple Editor

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/windows/http/lg_simple_editor_rce

Vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the cp command implemented in the makeDetailContent method. A remote attacker can send a specially crafted HTTP request and copy files to an arbitrary location on the system.

Successful exploitation of the vulnerability may allows an attacker to compromise the affected system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:9297 - Exploit for Path traversal in Simple Editor - CVE-2023-40498

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human