S4E

CVE-2023-35843 Scanner

Detects the path traversal vulnerability in NocoDB that affects versions through 0.106.0 (or 0.109.1).

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 2 months 29 days
Scan only one: URL
Toolbox: -

NocoDB is an open-source relational database that is used to build custom cloud-hosted applications. The platform is used by developers to create web and mobile applications, and it is designed to be simple and user-friendly. NocoDB allows developers to create tables, views, and triggers, and it uses SQL to interact with data. The platform is popular because it is easy to set up and use, and it is highly customizable.

The CVE-2023-35843 vulnerability detected in NocoDB through 0.106.0 (or 0.109.1) allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This means that an attacker can gain access to sensitive information on the server, including configuration files, source code, and other sensitive data. This vulnerability can be exploited remotely, which means that an attacker does not need direct access to the server in order to exploit it.
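A defender-side check for the request pattern described above, as an added example (not S4E's or NocoDB's code): it scans access-log lines for `..` path segments on a download route, peeling nested percent-encoding first. The log format, the URL layout and the sample lines are constructed assumptions, since the page does not give the exact request shape.

```javascript
// Added example, not NocoDB or S4E code. Assumed: combined-log-style lines
// and a URL layout where the requested file path is part of the target.
const MAX_DECODE_ROUNDS = 3; // peels double and triple percent-encoding

// Decode %XX escapes one by one so a single malformed escape cannot
// stop the rest of the string from being decoded.
function fullyDecode(s) {
  let cur = s;
  for (let i = 0; i < MAX_DECODE_ROUNDS; i++) {
    const next = cur.replace(/%([0-9a-fA-F]{2})/g,
      (_, hex) => String.fromCharCode(parseInt(hex, 16)));
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

// True when the decoded target has both a "download" segment and a ".."
// segment. Backslashes count as separators; dots inside a name do not match.
function isDownloadTraversal(target) {
  const segments = fullyDecode(target).replace(/\\/g, '/').split(/[/?&=]/);
  return segments.some((s) => s.toLowerCase() === 'download') &&
    segments.includes('..');
}

// Return client, raw target and status for every flagged request.
function findTraversalAttempts(logLines) {
  const hits = [];
  for (const line of logLines) {
    const m = /^(\S+) .*?"[A-Z]+ (\S+) HTTP\/[\d.]+" (\d{3})/.exec(line);
    if (m && isDownloadTraversal(m[2])) {
      hits.push({ client: m[1], target: m[2], status: Number(m[3]) });
    }
  }
  return hits;
}

// Constructed sample lines: documentation IPs and made-up file names.
const SAMPLE_LOG = [
  '198.51.100.7 - - [01/Jul/2023:10:00:01 +0000] "GET /download/report.csv HTTP/1.1" 200 5120',
  '203.0.113.9 - - [01/Jul/2023:10:00:02 +0000] "GET /download/..%2F..%2Fexample.conf HTTP/1.1" 200 812',
  '203.0.113.9 - - [01/Jul/2023:10:00:03 +0000] "GET /download/%252e%252e/example.conf HTTP/1.1" 404 0',
  '198.51.100.7 - - [01/Jul/2023:10:00:04 +0000] "GET /docs/..%2Fdownload.html HTTP/1.1" 404 0',
  '198.51.100.7 - - [01/Jul/2023:10:00:05 +0000] "GET /download/notes..v2.txt HTTP/1.1" 200 90',
];
// A 2xx status on a flagged line is the one to review first.
for (const h of findTraversalAttempts(SAMPLE_LOG)) {
  console.log(`${h.client} ${h.status} ${h.target}`);
}
```

Matching on the decoded form rather than the raw string is what lets the double-encoded sample line be caught.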

When exploited, this vulnerability can lead to serious consequences for both the platform and its users. An attacker can use the information gained from the server to launch further attacks or to steal sensitive data. They can also use the server as a foothold to gain access to other network resources. In extreme cases, an attacker could even take control of the server and use it for their own purposes.

Thanks to the pro features of the s4e.io platform, users can easily and quickly learn about vulnerabilities in their digital assets. The platform allows users to automate vulnerability scanning, receive alerts and notifications, and track progress over time. With s4e.io, users can be confident that their digital assets are secure and protected from potential threats.

 
