Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

CVE-2023-37474

HIGH

Published 2023-07-14T19:55:22.779Z

Actions:

CVSS Score

V3.0

7.5

/10

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.209

probability

of exploitation in the wild

There is a 20.9% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.964

Higher than 96.4% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Description

Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Available Exploits

Copyparty <= 1.8.2 - Directory Traversal

Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

ID: CVE-2023-37474

Author: shankaracharyatheamanrawat High

References:

Related News

No news articles found for this CVE.

Affected Products

copyparty

Affected Versions:

< 1.8.2

copyparty_project

copyparty

Affected Versions:

0

References

https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg

https://github.com/9001/copyparty/commit/043e3c7dd683113e2b1c15cacb9c8e68f76513ff

http://packetstormsecurity.com/files/173822/Copyparty-1.8.2-Directory-Traversal.html

Published: 2023-07-14T19:55:22.779Z

Last Modified: 2025-02-13T17:01:27.796Z

Copied to clipboard!