CVE-2023-49108

high

Description

Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges.

References

https://rakrak.jp/RakDocSupport/rkspServlet

https://jvn.jp/en/jp/JVN46895889/

Details

Source: Mitre, NVD

Published: 2023-12-04

Updated: 2023-12-07

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H