Path-Traversal Vulnerability in BiblioCraft before 2.4.6 Allows Code Execution

CVE-2023-29478 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution.
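The class of check that closes this kind of bug, as an added example (not BiblioCraft's code and not the 2.4.6 fix): an untrusted file name is accepted only if it is a single allow-listed path component that still resolves directly inside the intended save directory. The class name `SafeSavePath`, the method `resolveInside`, the directory name and the sample inputs are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeSavePath {

    // Hypothetical helper: map an untrusted file name to a path that is
    // guaranteed to be a direct child of baseDir, or throw.
    static Path resolveInside(Path baseDir, String fileName) throws IOException {
        // Allow-list: one path component, starting with a letter or digit.
        // This rejects '/', '\\', ':', NUL, "." and ".." before any path API sees them.
        if (fileName == null || !fileName.matches("[A-Za-z0-9][A-Za-z0-9 _.-]{0,63}")) {
            throw new IOException("illegal file name: " + fileName);
        }
        Path base = baseDir.toAbsolutePath().normalize();
        Path target = base.resolve(fileName).normalize();
        // Defence in depth: after normalisation the target must sit directly
        // in the save directory. normalize() does not follow symlinks; use
        // toRealPath() on the parent as well if links inside baseDir are possible.
        if (!base.equals(target.getParent())) {
            throw new IOException("path escapes save directory: " + fileName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("books"); // constructed save directory
        // Constructed sample inputs: one legitimate name, several traversal forms.
        String[] samples = {
            "my_book.dat", "../mods/x.jar", "..\\mods\\x.jar",
            "/tmp/x.dat", "sub/x.dat", "..", ""
        };
        for (String s : samples) {
            try {
                System.out.println("ACCEPT  " + resolveInside(base, s));
            } catch (IOException e) {
                System.out.println("REJECT  " + e.getMessage());
            }
        }
    }
}
```

Only the first sample is accepted; every name containing a separator, a leading dot or nothing at all is rejected before a file is opened.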
