Daloradius
CVE-2023-0046
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch.
AnalysisAI
Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-641. Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch. Affected products include: Daloradius.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Daloradius
View allCode Injection in GitHub repository lirantal/daloradius prior to master-branch. Rated high severity (CVSS 8.8), this vul
daloRADIUS is an open source RADIUS web management application. Rated high severity (CVSS 8.8), this vulnerability is re
Missing Authorization in GitHub repository lirantal/daloradius prior to master branch. Rated high severity (CVSS 7.5), t
Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. Rated medium sev
Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. Rated medium sev
Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master. Rated medium severity
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today