Unauthenticated Directory Traversal Vulnerability in Flaskcode Package
CVE-2023-52289 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files.
Learn more about our Web Application Penetration Testing UK.