Skip to content

Directory Traversal vulnerability in hap-wi/roxy-wi

High
Aidaho12 published GHSA-cv9w-j9gh-5j3w Mar 12, 2023

Package

pip roxy-wi (pip)

Affected versions

< v6.3.5.0

Patched versions

None

Description

Directory traversal vulnerability allows the access to server-side files.

lfi2

Other files could be retrieved:

  • /proc/sched_debug
  • /etc/httpd/logs/error_log
  • /var/log/httpd/error_log
  • /proc/net/tcp
  • /proc/interrupts
  • /proc/net/arp
  • /proc/cpuinfo
    And
  • /var/log/secure !

Severity

High

CVE ID

CVE-2023-25803

Weaknesses

No CWEs

Credits