Unauthenticated Directory Traversal Vulnerability in Flaskcode Package

CVE-2023-52289 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files.

Learn more about our Web Application Penetration Testing UK.