CVE-2023-26564

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 12, 2023

Updated: Jul 26, 2023

CWE ID 22

Summary

CVE-2023-26564 is a newly discovered vulnerability affecting the Syncfusion EJ2 ASPCore File Provider. This issue allows unauthenticated attackers to traverse directories using the Models/PhysicalFileProvider.cs component. Consequently, attackers can list files within a directory, download existing files, or upload new files to any directory accessible by the web server, posing a significant security risk. The vulnerability needs to be addressed promptly to prevent potential data breaches or unauthorized access.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r-HFNB
https://www.cve.org/CVERecord?id=CVE-2023-26564
https://nvd.nist.gov/vuln/detail/CVE-2023-26564

Back to Vulnerability Database

CVE-2023-26564

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations