How severe is CVE-2023-4172?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2023-4172?

This is classified as CWE-36, which is a common weakness in software security.

CVE-2023-4172 - HIGH Severity | CVSS 7.5

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207.

Related Vulnerabilities

CVE-2021-1296

HIGH

CVSS:7.5(High)

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct d...

CWE-362021

CVE-2021-1297

HIGH

CVSS:7.5(High)

CWE-362021

CVE-2023-2765

HIGH

CVSS:7.5(High)

A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the...

CWE-362023

CVE-2024-11978

HIGH

CVSS:7.5(High)

DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.

CWE-362024

CVE-2024-13159

HIGH

CVSS:7.5(High)

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CWE-362024

CVE-2024-13160

HIGH

CVSS:7.5(High)

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CWE-362024