CVE-2023-27067

CVSS V2 None CVSS V3 None

Description

Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx

Overview

CVE ID
CVE-2023-27067

Assigner
cve@mitre.org

Vulnerability Status
Received

Published Version
2023-05-22T19:15:09

Last Modified Date
2023-05-22T19:15:09

References

Reference URL	Reference Tags
https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner
https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-27067
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27067

History

Created	Old Value	New Value	Data Type	Notes
2023-05-22 20:01:29				Added to TrackCVE