Path-Traversal Vulnerability in BiblioCraft before 2.4.6 Allows Code Execution
CVE-2023-29478 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution.
Learn more about our Web Application Penetration Testing UK.