08 Aug 2023
CVE-2023-37646 Vulnerability
An issue in the CAB file extraction function of Bitberry File Opener v23.0 allows attackers to execute a directory traversal. (CVSS:7.8) (Last Update:2023-08-14 23:40:32)
Exploit prediction scoring system (EPSS) score for CVE-2023-37646
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 21 %
CVSS scores for CVE-2023-37646
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | [email protected] |
CWE ids for CVE-2023-37646
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Assigned by: [email protected] (Primary)
References for CVE-2023-37646
- https://gist.github.com/Decamark/868e88aa6aae6b8f4a1dc1991efb83ca Product;Third Party Advisory
- http://bitberry.com Product
Products affected by CVE-2023-37646
- cpe:2.3:a:bitberry:file_opener:23.0:*:*:*:*:*:*:*