Security for everyone

CVE-2023-35843 Scanner

Detects 'Path Traversal' vulnerability in NocoDB affects v. through 0.106.0 (or 0.109.1).

SCAN NOW

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Url

Toolbox

-

NocoDB is an open-source relational database that is used to build custom cloud-hosted applications. The platform is used by developers to create web and mobile applications, and it is designed to be simple and user-friendly. NocoDB allows developers to create tables, views, and triggers, and it uses SQL to interact with data. The platform is popular because it is easy to set up and use, and it is highly customizable.

The CVE-2023-35843 vulnerability detected in NocoDB through 0.106.0 (or 0.109.1) allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This means that an attacker can gain access to sensitive information on the server, including configuration files, source code, and other sensitive data. This vulnerability can be exploited remotely, which means that an attacker does not need direct access to the server in order to exploit it.

When exploited, this vulnerability can lead to serious consequences for both the platform and its users. An attacker can use the information gained from the server to launch further attacks or to steal sensitive data. They can also use the server as a foothold to gain access to other network resources. In extreme cases, an attacker could even take control of the server and use it for their own purposes.

Thanks to the pro features of the SecurityForEveryone.com platform, users can easily and quickly learn about vulnerabilities in their digital assets. The platform allows users to automate vulnerability scanning, receive alerts and notifications, and track progress over time. With SecurityForEveryone.com, users can be confident that their digital assets are secure and protected from potential threats.

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture