CVE-2023-27066

CVSS V2 None CVSS V3 None

Description

Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle.

Overview

CVE ID
CVE-2023-27066

Assigner
cve@mitre.org

Vulnerability Status
Received

Published Version
2023-05-22T17:15:09

Last Modified Date
2023-05-22T17:15:09

References

Reference URL	Reference Tags
https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner
https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-27066
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27066

History

Created	Old Value	New Value	Data Type	Notes
2023-05-22 18:02:42				Added to TrackCVE